There are clues for detecting a spoof for each of the several mediums
discussed on YouSpoof.info. Find the medium you are interested in
below and look for clues to see if you have been spoofed.

TEXT/SMS SPOOFING & CALLER ID SPOOFING
Text & caller ID spoofs are often difficult to detect as there is a
limited amount of data contained within the text or voice caller ID
message and very limited tools on most phones which enable a user to
detect a spoof.

Clues to detecting a spoofed text message:

1. You receive a message from a commercial company you have a
relationship with and you have not specifically signed up to receive
text messages.

2. You receive a message asking you for sensitive financial or personal.

3. You receive a message from a recognized person, however it seems wildly out of character for the sender.

4. You receive a message from a familiar sender but the caller ID name
and number do not match up. For example if the message comes from “Mom”
but the number displayed is incorrect.

Clues to detecting a spoofed voice caller ID message:

1. You receive a call from a representative of a commercial company you
have a relationship with asking you for any sensitive information.

2. If the caller ID shows a recognized person but the caller is not the recognized person.

URL SPOOFING

There are several clues which can help you determine if the web site you think you are visiting is a spoof.

1. The address location bar doesn’t display the correct domain name/URL
for the web site. This is the most commonly spoofed component of URL
spoofing. Spoofers use a JavaScript to insert whatever domain name they
want into the address location bar in order to deceive the user.
For example the location bar might say www.eBay.info but the user might
actually be at the web site www.phishingforebaylogins.net. The web page
probably looks just like eBay’s and keeps track of all log in attempts
in order to harvest eBay user ID and passwords.

2. The status line is located at the bottom left of the browsers screen.
Move your mouse over a link on a web site and the status line displays
the URL where that link goes.
Once again this can be a clue but beware because spoofers can also use a
JavaScript to insert whatever information they want into the status
line bar.

3. Users can glean clues about the URL they are on by viewing the source
HTML code from the menu bar to look for re-written URL’s. To do so in
Internet Explorer look at the top tool bar and click on the view option.
From the view option a list of drop down items will display; choose
the source option. A notepad pop up will open with the source code for
the web page. Look within the source code for bogus URL rewrites.
Note that this is tedious and time consuming task and most users are not
familiar enough with HTML or JavaScript in order to detect a spoof.

4. The easiest and most reliable clue to detecting URL spoofing is to
use the menu bar to view the web page’s Properties. For example in
Internet Explorer from the top menu choose File and then from the drop
down options choose Properties. The Address (URL) of the actual page
will be displayed. If it does not match the URL displayed in the
address line then the page has been spoofed.

E-MAIL SPOOFING

It is easier to determine if an e-mail is a spoof by reviewing the
message the e-mail contains than by using technical tools. For example
if an e-mail is from a commercial entity and the message requests that
you provide your log in ID or your account will be suspended it is
likely a spoofed e-mail. Reputable commercial entities regularly
contact their customers by e-mail but they don’t ask for log in ID
because they already have it.

Another clue is to highlight a link within the suspect e-mail with
the mouse cursor and to then look at the status line at the bottom left
of the screen. If the URL in the status line and the link your mouse is
highlighting do not match up a spoofer is likely at work. Note that
because JavaScript can be used to change the status line this method is
not fool proof. Overall, this is a good technique because a lot of
spoofers do not bother to use the JavaScript to change the status line.

Technical tools include the users viewing the source data for an
e-mail. For example, in Outlook Express the message in question is
chosen and then by right clicking the mouse the user gets a drop down
box. From the drop down box choose Properties and the e-mails source
data will be displayed. Usually spoofers will cover their tracks even
in the details of the source. Viewing the source is therefore not a
reliable tool.

WEB SPOOFING / IP SPOOFING

Use the clues from the URL and E-mail spoofing sections to look for Web and IP spoofing.