Spoofing: fake identities as a method of fraud

Spoofing is a deceptive method used by criminals to obtain personal data using false identities. Telephone numbers, email addresses or even websites are faked so cleverly that they appear deceptively genuine at first glance. As a result, the people contacted usually feel safe and therefore disclose personal data.

Spoofing is a method that fraudsters use for phishing.

• Telephone spoofing
  You receive a call from a seemingly trustworthy number. 
  Example: The caller claims to work at your bank and that there is a problem with your account. You should therefore confirm your access data. In reality, this is how your data is stolen.
• Email spoofing
  The email sender looks familiar and well known because it differs only slightly from the original address.
  Example: The sender pretends to be your boss and asks you to make a certain payment urgently. This is an attempt at fraud. 
• GPS spoofing
  Fake GPS signals are sent out, and a false location is given.
  Example: Your navigation app takes you to a different location to the one you wanted. Thieves are already waiting for their opportunity at the destination.
• Website spoofing
  You are redirected to a seemingly legitimate website to enter data.
  Example: You receive an email with a link that supposedly leads to your online banking. This is a fake website on which you enter your access data.
• IP spoofing
  Fake IP addresses are used in personal networks.
  Example: A fake IP address appears in your network. This can be used to intercept confidential data or install malware on your devices.

• Calls: 
  Be suspicious of calls that ask for personal information or access data. Banks and reputable companies, for example, never ask for strictly confidential passwords over the phone. Although it is common for banks to identify their customers over the phone by asking security questions, no access data is required. As a rule, more harmless details such as your date of birth or account number are requested.
  
  Find out the officially recognized number of the alleged sender (e.g. via the official website or your contract documents) and call them. This allows you to check whether the call actually came from your bank, for example.
• Emails
  Pay attention to small deviations in the email address, such as additional letters or swapped characters. Grammatical and spelling mistakes can also be signs of a fake email address.
  
  Check links by moving the mouse over the link to display the actual URL. Do not click on the link beforehand.
• GPS
  If your device suddenly displays inaccurate or inconsistent location data, it could be a sign of GPS spoofing.
  
  Use another app or location service to check your position.
• Websites
  Make sure that the URL is spelled correctly and begins with "https://". Check the lock symbol in the address bar. Check whether you notice any differences in the design or content compared to the website you are used to or familiar with. 
  
  Where possible, you should use two-factor authentication. This gives you additional security when logging in or entering data. 
• IP addresses
  Install network monitoring tools to detect unusual activity and suspicious IP addresses.
  
  Use firewalls and IDS systems to block and report suspicious network activity.

• Report the incident to the company concerned (e.g. bank, online store). In this way, you may be able to limit the extent of the damage, and the company can warn other users in good time.
• Change all your passwords. Make sure you use secure and unique combinations of letters, numbers and special characters. A password manager is particularly useful here. It creates and manages passwords for you. Our Zurich Cyber Security App offers you a password manager and all important protection functions – for up to 10 devices, including family and friends.
• Get advice from cyber experts: With Cyber – Prevention, Zurich offers you the option of calling cyber experts in the event of a cyber incident or a suspicion of one. You will receive advice and guidance there.
  
  Find out more today
• Report the incident to the police: File a report and provide as many details as possible about the attack and the suspicious activity. The authorities can initiate investigations and possibly help to identify and catch the perpetrators. Your information also helps to protect others from similar attacks.
• Check account activity regularly: Keep an eye on bank, credit card and user accounts so that you notice suspicious activity in good time. Clarify any conspicuous transactions with the provider immediately.
• Check whether your data has been stolen: Our free ID check uses your email address to check whether information about you has been disclosed through a data leak.
  
  To the ID check