CUNA 2023 diamond award trophy icon

CUNA 2023 Diamond Award Winner

Financial Education

Spoofing Scams: All You Need to Know

Learn the most common forms of this cybercrime and how to protect yourself.

Green glowing hand going to make a phone call. Voice cloning, using artifical inelligence in spoofing and fraud concept.
info dialog icon Worried you are a victim of identity theft? Quorum's partners can help. Click here.

It’s your bank or credit union on the line asking for your account information—or is it? It may actually be a spoofing scam! Let’s take a look at spoofing, how it works and red flags that can alert you to a possible spoofing scam.

What is spoofing?

Spoofing is the criminal act of disguising a communication from an unknown source to appear as if it’s being sent from a trusted and known contact. The ultimate goal of spoofing is to get the target to share their sensitive information and/or their money with the scammer. For example, a spoofer may pretend to represent a victim’s credit card company and lead them into sharing their account details.

Types of spoofing

Cybercriminals have a variety of ways to pull off their spoofing. Here are the more common forms:

Email spoofing

In email spoofing, an attacker sends an email message that appears to be from a known or trusted source. The emails often include links to harmful websites or attachments that will infect the victim’s device.

IP spoofing

In IP spoofing, an attacker tries to gain access to a system by sending messages via a bogus or spoofed IP address appearing to be from a recognized, trusted source, such as one on the same internal computer network.

Caller ID spoofing

Here, attackers make a phone call to a target that appears to be from a known caller. The scammer will often pose as the victim’s bank or credit union. The victim, believing they are speaking with a representative of their financial institution, will not hesitate to disclose their account information and passwords.

Facial spoofing

In this most recent form of spoofing, a scammer uses a photo or video of a target’s face to simulate their facial biometrics. This enables them to unlock accounts that can only be opened by facial recognition.

Website spoofing

In website spoofing, a scammer creates a bogus site that looks just like a reputable site the victim frequents. Attackers lure victims to this site to steal their login credentials and personal info.

Text-message spoofing

In this scam, also known as smishing, a victim gets a text message on their personal device that appears to have been sent from a trusted source, such as the victim’s financial institution, place of work or doctor’s office.

Deepfakes and spoofing

Deepfakes is a relatively new and dangerous tool for spoofers. A deepfake is a fake image, video or audio clip that has been edited to appear authentic. For example, a scammer may create a deepfake video using an image and audio recording of a celebrity to make it appear as if they are telling you to open a link or support a specific cause.

Spoofing Quorum Infographic

Protect yourself.

Spoofing is a formidable danger for consumers across the economic spectrum, but with the right tools and knowledge, you can avoid falling victim to these scams. Here’s how to protect yourself from a spoofing attack:

  • Turn on your email’s spam filter and mark incoming suspicious emails as spam.
  • Use two-factor authentication and/or biometric logins when possible.
  • Use strong, unique passwords across all of your accounts.
  • Make sure your device’s security system is at its strongest setting and uses the most updated patches.
  • Never click on links or open attachments from an unverified source.
  • Never share personal information online or over the phone with an unknown contact.
  • If you’re allegedly contacted by your financial institution and asked to provide your login credentials or account details, don’t respond. Contact your bank or credit union directly to ask about any possible issues with your account.
  • Don’t take phone calls at face value, even with caller ID. If you suspect foul play, Google the phone number presented on the caller ID to see if it’s associated with scams.
  • Identify deepfakes by looking for small details. Zoom into the image or video and verify if the words and lip movements are in sync. Look for lip color that looks unnatural, unrealistic facial hair, exaggeratedly wrinkled or smooth skin and non-existent moles.

Red flags

Look out for these red flags that can alert you to a possible spoofing attack:

  • Websites with a URL that’s similar to the URL of a reputable site.
  • Websites riddled with typos, unusual syntax and spelling errors.
  • An alleged rep of your bank or credit union asks you to call a number that’s not associated with your financial institution.
  • You’re asked to share your login credentials or account number with an unverified contact.
  • Familiar corporate branding, such as logos, colors and call-to-action buttons in messages requesting you take action that’s out of the ordinary.


Stay alert and stay safe!

Your Identity is Yours. Let's Keep It That Way. Identity theft can happen to anyone. Our trusted partners at BALANCE have the tools you need to ensure your personal information doesn't fall into the wrong hands.

Comments Section

Please note: Comments are not monitored for member servicing inquiries and will not be published. If you have a question or comment about a Quorum product or account, please visit to submit a query with our Member Service Team. Thank you.

Notify of
Inline Feedbacks
View all comments
CUNA 2023 diamond award trophy icon

CUNA 2023 Diamond Award Winner

Financial Education

Quorum derives no benefit from businesses in return for placement in this blog.

Would love your thoughts, please comment.x