The proliferation of computer scams in recent years is worrying. Until the third quarter of 2023, 304,819 criminal offenses of this type were committed, representing 90.4% of all cybercrime committed, according to data from the Ministry of the Interior.
These deceptions are difficult to fit into a Penal Code that cannot adapt at the speed that criminals do. Almost overnight we come across new scams and new terms to learn. Phishing, smishing or vishing are some of the many ways in which scammers can access the victim’s private data and cast their nets into their bank account. Spoofing is another word that is very present in cybercrime terminology.
In almost all of these methods, cybercriminals maliciously use hacking techniques known in slang as spoofing or identity theft. It involves obtaining relevant data from the victim by posing as an official sender, whether an employee of a financial institution or any other organization.
Spoofing can be carried out through a fake website, a fraudulent email, a phone call or IP addresses. And the truth is that attacks are becoming more sophisticated, more difficult to detect.
The telephone scam, which consists of a false employee verbally requesting the passwords to access telephone banking, is also known as spoofing. Although it seems that the simple request for personal data already arouses enough suspicion, the truth is that criminals manage to get someone to take the bait.
The National Police warned a few months ago of a new type of spoofing such as telephone scam. Now, the cybercriminal himself warns that for security reasons the password should not be verbalized to anyone and that the password should be dialed directly into the phone. It is also a trap: the fraudster captures the keystrokes on the terminal, controlling the secret keys from that moment on.
More recently, EL MUNDO detailed another technique known as Caller ID Spoofing. On this occasion, the scammers manage to hide their real phone number and instead show the one they want, such as the number of a bank branch, and thus be able to pass it off as a real call.
One of the victims explained that with this trick the scammer posed as a worker at his bank and called him to warn him that someone had managed to access the application with his passwords from another mobile phone. “Since it was not card fraud,” this article explains, “they could not block them and they could make other types of operations or purchases. In fact, they warned him that they had already detected and paralyzed several operations. The objective is to create a sense of insecurity and urgency that precipitates the response. They offered to transfer his savings to a safe account.” The victim accepted and shortly after found himself with an empty account in the middle of Christmas.
A spoofing cyberattack can come in different ways:
In any case, the golden rule to avoid a spoofing attack is to remember that no private company or public institution requests personal data from its clients.
Below are some of the measures to reduce the risk of suffering an identity theft attack recommended by the National Cybersecurity Institute: