There are clues for detecting a spoof for each of the several mediums
discussed on YouSpoof.info. Find the medium you are interested in
below and look for clues to see if you have been spoofed.

TEXT/SMS SPOOFING & CALLER ID SPOOFING
Text & caller ID spoofs are often difficult to detect as there is a
limited amount of data contained within the text or voice caller ID
message and very limited tools on most phones which enable a user to
detect a spoof.

Clues to detecting a spoofed text message:

1. You receive a message from a commercial company you have a
relationship with and you have not specifically signed up to receive
text messages.

2. You receive a message asking you for sensitive financial or personal.

3. You receive a message from a recognized person, however it seems wildly out of character for the sender.

4. You receive a message from a familiar sender but the caller ID name
and number do not match up. For example if the message comes from “Mom”
but the number displayed is incorrect.

Clues to detecting a spoofed voice caller ID message:

1. You receive a call from a representative of a commercial company you
have a relationship with asking you for any sensitive information.

2. If the caller ID shows a recognized person but the caller is not the recognized person.

URL SPOOFING

There are several clues which can help you determine if the web site you think you are visiting is a spoof.

1. The address location bar doesn’t display the correct domain name/URL
for the web site. This is the most commonly spoofed component of URL
spoofing. Spoofers use a JavaScript to insert whatever domain name they
want into the address location bar in order to deceive the user.
For example the location bar might say www.eBay.info but the user might
actually be at the web site www.phishingforebaylogins.net. The web page
probably looks just like eBay’s and keeps track of all log in attempts
in order to harvest eBay user ID and passwords.

2. The status line is located at the bottom left of the browsers screen.
Move your mouse over a link on a web site and the status line displays
the URL where that link goes.
Once again this can be a clue but beware because spoofers can also use a
JavaScript to insert whatever information they want into the status
line bar.

3. Users can glean clues about the URL they are on by viewing the source
HTML code from the menu bar to look for re-written URL’s. To do so in
Internet Explorer look at the top tool bar and click on the view option.
From the view option a list of drop down items will display; choose
the source option. A notepad pop up will open with the source code for
the web page. Look within the source code for bogus URL rewrites.
Note that this is tedious and time consuming task and most users are not
familiar enough with HTML or JavaScript in order to detect a spoof.

4. The easiest and most reliable clue to detecting URL spoofing is to
use the menu bar to view the web page’s Properties. For example in
Internet Explorer from the top menu choose File and then from the drop
down options choose Properties. The Address (URL) of the actual page
will be displayed. If it does not match the URL displayed in the
address line then the page has been spoofed.

E-MAIL SPOOFING

It is easier to determine if an e-mail is a spoof by reviewing the
message the e-mail contains than by using technical tools. For example
if an e-mail is from a commercial entity and the message requests that
you provide your log in ID or your account will be suspended it is
likely a spoofed e-mail. Reputable commercial entities regularly
contact their customers by e-mail but they don’t ask for log in ID
because they already have it.

Another clue is to highlight a link within the suspect e-mail with
the mouse cursor and to then look at the status line at the bottom left
of the screen. If the URL in the status line and the link your mouse is
highlighting do not match up a spoofer is likely at work. Note that
because JavaScript can be used to change the status line this method is
not fool proof. Overall, this is a good technique because a lot of
spoofers do not bother to use the JavaScript to change the status line.

Technical tools include the users viewing the source data for an
e-mail. For example, in Outlook Express the message in question is
chosen and then by right clicking the mouse the user gets a drop down
box. From the drop down box choose Properties and the e-mails source
data will be displayed. Usually spoofers will cover their tracks even
in the details of the source. Viewing the source is therefore not a
reliable tool.

WEB SPOOFING / IP SPOOFING

Use the clues from the URL and E-mail spoofing sections to look for Web and IP spoofing.

Text/SMS Spoofs are sent by either e-mail or through a web
site. The sender inputs your number and then inputs the number or name
they want you to see on the caller ID. They then input their message
and send.
See Text/SMS Spoofing for more in depth data.

Phone Spoofs are sent through a phone or a combination of a
web site and a phone. Typically either involves a third party company
that acts as an intermediary. The sender initiates a call by either
visiting the third party company’s web site or calling their specified
call in number. The sender then inputs the caller ID information they
want displayed and they are connected. The third party company does all
the work and charges by the minute. These third party companies will
even change the sender’s voice and record the call for the spoofer.
See Caller ID Spoofing for more in depth data.

URL Spoofing – When the address (A.K.A., domain name or URL)
displayed in the address ‘location’ bar at the top of a browser is not
really the web page being displayed it has been spoofed. For example
the user may see www.citibank.com in the address location bar but really
be on the web page www.iamgoingtorobyou.com

Web Spoofing is when the spoofer puts a computer between the
internet user’s machine and the entire internet thereby intercepting
everything the internet user does.

To accomplish this a spoofer must first somehow get an internet user
to visit the spoofers ‘trap’ web page. The spoofer could get an
internet surfer to the ‘trap’ web page through a variety of tricks and
techniques including but not limited to:

• a link in a spam e-mail
• through a hyper-link on a non-trap web page
• even a link the internet surfer clicks on from a search engine.

Once the internet surfer visits the spoofers ‘trap’ web page every
web page that the internet user visits thereafter is served from
spoofers computer. The internet user sees the actual web pages that
they are visiting but the spoofer is acting as a malicious intermediary
ISP, spying on everything the internet user sees and types. This means
that the spoofer can intercept all of the internet users ID’s and
passwords, credit card information, and anything else the web surfer
types in to web pages they visit.

e-mail Spoofing is when a spoofer falsifies the information
about whom an e-mail is from. Most spam (unsolicited e-mail) uses
e-mail spoofing with the primary intent to trick the recipient into
viewing the e-mail. A good example is the thousands of e-mail claiming
to be from eBay that are really spam.
The spammer usually does not spoof to hide their location. In fact the
spammer will go to much greater lengths to hide their actual location
using a variety of techniques- so that they can not be found.
See e-mail Spoofing for more in depth data

IP Spoofing – (Internet Protocol Spoofing) – Data sent over
the internet (such as an e-mail) is broken up and sent in small pieces
of information called packets. These packets once received are
reassembled by the recipient. Each packet contains information about
who the packet is from and who the packet is to, among other data.
Spoofers can falsify who the packet is from to trick the recipient.
This type of spoofing is often used to gain access to machines which use
IP authentication to verify identity.
See IP Spoofing for more in depth data.

Some examples:
You get a text message from your boss’s cell
phone reading “Yeah….I’m going to need you to stay late and finish that
TPS report” You sense a prank because your buddies in the cubical across
the room are snickering.

You receive an e-mail from your bank saying that there is a
problem with your online account and need to verify your account
information or your account will be suspended. You click on the link at
the end of the e-mail and get a log in page that looks exactly like
your banks. If you enter your log in and password, you just gave a
crook complete access to your bank account.

Spammers, friends and enemies:

Spammers often spoof to trick you into viewing an e-mail. They send
out mass messages with a false identity familiar to a large number of
people so that some percent of those receiving the message will view the
message. Once the recipient is tricked and the e-mail is viewed the
spammer may attempt to sell a product, send a political or religious
message, try to acquire personal or financial information, or deliver a
virus as an attachment.

Spammers spoof to make you think they are someone they are not.
They typically do this in order to separate you from your money.

Your friends spoof for fun and pranks. Hopefully, the end result is a good laugh.

Your enemies spoof for malicious fun and pranks usually resulting in hurt feelings or damaged relationships.

• A cell phone (voice or text message)
• A land line phone
• An e-mail address
• A Web site
• The postal mail

It is often impossible
to know if you have received a spoof. Although to the careful observer
there are several clues that help to separate a spoof from a legitimate
communication.
See our guide to Detecting a Spoof

A spoof works differently in each medium as the following shows:

Text/SMS Spoofs are sent by either e-mail or through a web
site. The sender inputs your number and then inputs the number or name
they want you to see on the caller ID. They then input their message
and send.
See Text/SMS Spoofing for more in depth data.

Phone Spoofs are sent through a phone or a combination of a
web site and a phone. Typically either involves a third party company
that acts as an intermediary. The sender initiates a call by either
visiting the third party company’s web site or calling their specified
call-in number. The sender then inputs the caller ID information they
want displayed and are connected. The third party company does all the
work and charges by the minute. These third party companies will even
change the sender’s voice and record the call for the spoofer.
See Caller ID Spoofing for more in depth data.

URL Spoofing is when the address (A.K.A., domain name or URL)
displayed in the address location bar at the top of a browser is not
really the web page being. For example the user may see
www.citibank.com in the address location bar but really be on the web
page www.iamgoingtorobyou.com
See URL Spoofing for more in depth data.

Web Spoofing is when the spoofer puts a computer between the
internet user’s machine and the entire internet thereby intercepting
everything the internet user does.

To accomplish this a spoofer must first somehow get an internet user
to visit the spoofers trap web page. The spoofer could get an internet
surfer to the trap web page through a variety of tricks and techniques
including but not limited to:

• a link in a spam e-mail
• hyper-link on a non-trap web page
• a link the internet surfer clicks on from a search engine.

Once the internet surfer visits the spoofers trap web page every web
page that the user visits thereafter is served from the spoofers
computer. The internet user sees the actual web pages that they are
visiting but the spoofer is acting as a malicious intermediary ISP,
spying on everything the internet user sees and types. This means that
the spoofer can intercept all of the internet users ID’s, passwords,
credit card information and anything else the web surfer types in to web
pages they visit.

Email Spoofing is when a spoofer falsifies the information
about whom an e-mail is from. Most spam (unsolicited e-mail) uses
e-mail spoofing with the primary intent to trick the recipient into
viewing the e-mail. A good example are the thousands of e-mails
claiming to be from eBay that are really just spam.
See email Spoofing for more in depth data.

IP Spoofing (Internet Protocol Spoofing) is data sent over the
internet (such as an e-mail) broken up and sent in small pieces of
information called packets. These packets, once received, are
reassembled by the recipient. Each packet contains information about
who the packet is from and who the packet is to and other data.
Spoofers can falsify who the packet is from to trick the recipient.
This type of spoofing is often used to gain access to machines which use
IP authentication to verify identity.
See IP Spoofing for more in depth data.

If you’ve been
victimized by a spoofed e-mail or web site you should contact your local
police or sheriff’s departments and file a complaint with the FBI’s
Internet Crime Complaint Center at www.ic3.gov.