Some examples:
You get a text message from your boss’s cell
phone reading “Yeah….I’m going to need you to stay late and finish that
TPS report” You sense a prank because your buddies in the cubical across
the room are snickering.

You receive an e-mail from your bank saying that there is a
problem with your online account and need to verify your account
information or your account will be suspended. You click on the link at
the end of the e-mail and get a log in page that looks exactly like
your banks. If you enter your log in and password, you just gave a
crook complete access to your bank account.

Spammers, friends and enemies:

Spammers often spoof to trick you into viewing an e-mail. They send
out mass messages with a false identity familiar to a large number of
people so that some percent of those receiving the message will view the
message. Once the recipient is tricked and the e-mail is viewed the
spammer may attempt to sell a product, send a political or religious
message, try to acquire personal or financial information, or deliver a
virus as an attachment.

Spammers spoof to make you think they are someone they are not.
They typically do this in order to separate you from your money.

Your friends spoof for fun and pranks. Hopefully, the end result is a good laugh.

Your enemies spoof for malicious fun and pranks usually resulting in hurt feelings or damaged relationships.

• A cell phone (voice or text message)
• A land line phone
• An e-mail address
• A Web site
• The postal mail

It is often impossible
to know if you have received a spoof. Although to the careful observer
there are several clues that help to separate a spoof from a legitimate
communication.
See our guide to Detecting a Spoof

A spoof works differently in each medium as the following shows:

Text/SMS Spoofs are sent by either e-mail or through a web
site. The sender inputs your number and then inputs the number or name
they want you to see on the caller ID. They then input their message
and send.
See Text/SMS Spoofing for more in depth data.

Phone Spoofs are sent through a phone or a combination of a
web site and a phone. Typically either involves a third party company
that acts as an intermediary. The sender initiates a call by either
visiting the third party company’s web site or calling their specified
call-in number. The sender then inputs the caller ID information they
want displayed and are connected. The third party company does all the
work and charges by the minute. These third party companies will even
change the sender’s voice and record the call for the spoofer.
See Caller ID Spoofing for more in depth data.

URL Spoofing is when the address (A.K.A., domain name or URL)
displayed in the address location bar at the top of a browser is not
really the web page being. For example the user may see
www.citibank.com in the address location bar but really be on the web
page www.iamgoingtorobyou.com
See URL Spoofing for more in depth data.

Web Spoofing is when the spoofer puts a computer between the
internet user’s machine and the entire internet thereby intercepting
everything the internet user does.

To accomplish this a spoofer must first somehow get an internet user
to visit the spoofers trap web page. The spoofer could get an internet
surfer to the trap web page through a variety of tricks and techniques
including but not limited to:

• a link in a spam e-mail
• hyper-link on a non-trap web page
• a link the internet surfer clicks on from a search engine.

Once the internet surfer visits the spoofers trap web page every web
page that the user visits thereafter is served from the spoofers
computer. The internet user sees the actual web pages that they are
visiting but the spoofer is acting as a malicious intermediary ISP,
spying on everything the internet user sees and types. This means that
the spoofer can intercept all of the internet users ID’s, passwords,
credit card information and anything else the web surfer types in to web
pages they visit.

Email Spoofing is when a spoofer falsifies the information
about whom an e-mail is from. Most spam (unsolicited e-mail) uses
e-mail spoofing with the primary intent to trick the recipient into
viewing the e-mail. A good example are the thousands of e-mails
claiming to be from eBay that are really just spam.
See email Spoofing for more in depth data.

IP Spoofing (Internet Protocol Spoofing) is data sent over the
internet (such as an e-mail) broken up and sent in small pieces of
information called packets. These packets, once received, are
reassembled by the recipient. Each packet contains information about
who the packet is from and who the packet is to and other data.
Spoofers can falsify who the packet is from to trick the recipient.
This type of spoofing is often used to gain access to machines which use
IP authentication to verify identity.
See IP Spoofing for more in depth data.

If you’ve been
victimized by a spoofed e-mail or web site you should contact your local
police or sheriff’s departments and file a complaint with the FBI’s
Internet Crime Complaint Center at www.ic3.gov.