Identity Spoofing and How to Protect Yourself from It.

Identity spoofing is the act of someone or an organization sending messages to one or more people (”victims”), appearing as a third party.

This third party is most often a trusted person or an organization to the victims, making the victims believe that the content of the message is true and correct. But most of the time the messages sent are misleading and false. Although most of the time identity spoofing is used as a way of advertising goods and services, or simply doing a prank on a friend, Identity Spoofing can be used as way to lead people to dangers as well.

How do people perform Identity Spoofing?

Identity Spoofing is performed by exploiting the faults in communication methods to send messages resulting them to appear as they were sent by someone else, rather than the person who actually sent the message (”culprits”).

As far as I know, emails are the easiest communication method to exploit – more on how they do that later. There are ways to send text messages to people’s mobile phones, setting the sender number to someone else’s number as well. If they can imitate someone’s voice, or pretend in someway that the phone line is not clear, they can use phone calls for this as well.

Identity Spoofing in Emails.

Regarding emails, it’s very easy to send mails making them appear as sent from someone else’s email address. All of the server side scripting languages has functions that allows to generate emails, as long as the web hosting servers allow sending mails (Which all of them do!) from them. You can easily set any email address you want as the sender’s number.

That’s how you end up with many spam emails in your inbox or spam box which says that they were sent by yourself to you! People who send those spams have simply set your email address as both sender’s and receiver’s address. Thankfully, services like GMail automatically detects emails like this and sends them to the spam box, but occasionally one or two of those spams escapes the traps and end up in your inbox, leaving you startled.

Identity Spoofing in Text Messages.

This is more dangerous than Identity Spoofing with emails, because you’re more likely to believe text messages than emails. Specially if it is from one of your friends, you’ll believe the contents in the text messages without a doubt. But beware that text messages from your contacts may actually not be from them.

I recently wrote a post about this, which in fact lead me to write this broader post about general identity spoofing. But what I discussed in that post is that there are websites out there which allow you to send text messages to people setting the sender’s number to anything you want!

People would use methods like this to mass advertise their products, or even worse set one of your friends against you. Think that someone sends a threatening text message to someone you know, setting the sender’s number to your one. When that person get that message, they’ll not doubt that it was from you, leading them to take actions against you!

Why do people do Identity Spoofing?

People may do Identity Spoofing for various reasons. Setting people against each other, advertising their products, or pulling a prank on someone are just few examples. They gain the victims’ trust appearing as someone they know or familiar with, and use that trust for their benefit. When someone finds something to exploit and make something work for his benefit, he’ll always find hundreds of ways to use that.

How to protect yourself from Identity Spoofing?

This is the most important question. We can’t stop people from doing evil or make communication systems without any fault. Someone will eventually find faults in any man made thing. What we can do is preparing ourselves.

Beware that communication systems can’t be trusted completely. Text messages or emails from your friends may actually not be from them. If you receive a message that makes you too sad, too angry, or too happy, or something that looks out of place and out of context, always call the person who you think sent that, and confirm the originality of the message. If someone calls you and you suspect he’s not actually who he claims to be, meet him or call your mutual friends and ask.

Educate your friends and family about dangers like this. Refer them articles like this and enlighten them. So not only you, but they too will know how to react in an event where someone spoof the identity of someone they know. Do it because the “someone” that the culprits fake may be you!


What is your opinion on this? Were you aware of dangers like this earlier and did you know how to act in an event like this? What would you have done? What would you do now? Share them all in the comments section.

20 comments

  1. Spoofing has become a major problem in Asian countries where internet or as one calls it cyber security is still bleak and not much measures are really taken …. This leads to easy infiltration which is harmful…..

    Nice article

    1. I think culprits can be anywhere, regardless of the country. But the level of ICT knowledge and the ability to sense fishy things definitely play a role here, which can be low in developing countries – and even in rural areas of developed countries – due to the lack of knowledge that this kinds of evil exists.

      I remember someone said one day, there was a time when people believed in anything printed. We’re still in that level regarding electronic information.

  2. Identity spoofing has been around for a long time, but many people are still unaware that such a practice exists. Your article does a great job explaining this potential hazard for web users and how they can protect themselves.

  3. Great spoofing guide actually. I’ve learned to protect myself it from an earlier age and could easily see them 15 years ago. Nothing really has changed.

  4. Spoofing is a real problem, and thanks for the ways to identify it, and protect from it….but dot you think there are guys out there, who would have already got a loop to get in again???? They always find a way for creating problems. I agree with Scott on this…..

  5. Yes Supun, you said it right. This is a much bigger issue than anybody thinks. Most of the people who are affected with this are the non-technical users. They usually fail to identify the hints in these spams and fall for it. I have seen plenty of emails which looked like they were from my bank, but in fact they were spoofed emails. They were almost always some kind of warnings which would make you click on a link and try to log in to your account. But in reality you are posting your username and password to these spammers website. The best thing to do in these situations is to go directly to your bank website instead of clicking on the link inside the email. Thanks for bringing up this issue and creating awareness among people.

  6. As Supun points out in the article, spoofing can take on many different forms.

    I looked up “spoofing” on Wikipedia, and there are separate entries/articles for caller ID spoofing, e-mail spoofing, IP address spoofing, protocol spoofing, website spoofing, etc.

    I agree with Ransae’s point. It’s an endless match between law enforcement and the “bad guys”. Same thing with anti-virus software makers and black-hat hackers; each one continually tries to outdo or stay ahead of the other.

  7. What happens when someone is spoofing someone else harassing stuff but putting it as if I really done it?
    We are going threw a custody battle regarding my step son. The biological mother & grandmother is stating I have been harassing them via text & calls. When in honest to Gods truth I HAVE NOT! They are stating they have proof. My husband & I pay $300.00 a month for our phones threw Verizon just so we are able to prove who we do & don’t call or text. But then theirs stupid people out in the world who comes up with garbage like spoof stuff. How can I prove NO I have not been doing the things they are claiming against me?

Leave a comment

Your email address will not be published. Required fields are marked *