Sharpen Your Cyber Security Skills: Spoofing and Phishing

This October, we’re focusing on something truly scary…cyber scams. The bad news is cyber crime is not slowing down. The good news is there are steps you can take to protect your information from the spookiest of scams.

How Do Cybercriminals Get Access To Your Information?

The two most common cyber scams can be categorized as spoofing and phishing.


As defined by the FBI, “spoofing” is when someone disguises an email address, sender name, phone number or website URL to convince you that you are interacting with a trusted source. This is often accomplished by changing just one letter or number to trick your mind into thinking it’s a recognizable sender or website.

Imagine this scenario – you receive an email from your boss, John Doe asking you to wire money to an external account. This request isn’t unusual – you process these all the time for your employer. But instead of coming from the correct email address of the email is coming from It’s just one letter and number different – but it may feel the same. Scammers are counting on you to follow your “boss’s” instructions and not notice the difference in email addresses.


Phishing schemes use spoofing tactics to convince users to download malicious software, send money or give out sensitive information.

Let’s take the example of again. Perhaps the scammer emails you using and asks you to sign into the company’s credit card site. Except, the scammer doesn’t provide a link to the correct site. They provide a link to a spoofed website that looks and feels just like the real thing. Without realizing it, you may be prompted to login with your real username and password and provide credit card information, PINs or other financial information that could harm your business if it’s in the wrong hands. But the good news is, there are steps you can take to protect yourself.

What Can I Do To Protect My Information?

Stay informed and stay watchful. The FBI has six helpful tips you can take today to protect yourself and your information:

  • Remember that companies generally don’t contact you to ask for your username and password.
  • Don’t click on anything in an unsolicited email or text message. Look up the company’s phone number on your own (don’t use the one a potential scammer is providing) and call the company to ask if the request is legitimate.
  • Carefully examine the email address, URL and spelling used in any correspondence or on your browser. Scammers use slight differences to trick your eye and gain your trust.
  • Be careful what you download. Never open an email attachment from someone you don’t know and be wary of email attachments forwarded to you.
  • Set up two-factor (or multi-factor) authentication on any account that allows it and never disable it.
  • Be careful with what information you share online or on social media. By openly sharing things like pet names, schools you attended, family members and your birthday, you can give a scammer all the information they need to guess your password or answer your security questions.
Some content requires Adobe Acrobat Reader to view.