Identity spoofing is the act of someone or an organization sending messages to one or more people (”victims”), appearing as a third party.

This third party is most often a trusted person or an organization to the victims, making the victims believe that the content of the message is true and correct. But most of the time the messages sent are misleading and false. Although most of the time identity spoofing is used as a way of advertising goods and services, or simply doing a prank on a friend, Identity Spoofing can be used as way to lead people to dangers as well.

How do people perform Identity Spoofing?

Identity Spoofing is performed by exploiting the faults in communication methods to send messages resulting them to appear as they were sent by someone else, rather than the person who actually sent the message (”culprits”).

As far as I know, emails are the easiest communication method to exploit – more on how they do that later. There are ways to send text messages to people’s mobile phones, setting the sender number to someone else’s number as well. If they can imitate someone’s voice, or pretend in someway that the phone line is not clear, they can use phone calls for this as well.

Identity Spoofing in Emails.

Regarding emails, it’s very easy to send mails making them appear as sent from someone else’s email address. All of the server side scripting languages has functions that allows to generate emails, as long as the web hosting servers allow sending mails (Which all of them do!) from them. You can easily set any email address you want as the sender’s number.

That’s how you end up with many spam emails in your inbox or spam box which says that they were sent by yourself to you! People who send those spams have simply set your email address as both sender’s and receiver’s address. Thankfully, services like GMail automatically detects emails like this and sends them to the spam box, but occasionally one or two of those spams escapes the traps and end up in your inbox, leaving you startled.

Identity Spoofing in Text Messages.

This is more dangerous than Identity Spoofing with emails, because you’re more likely to believe text messages than emails. Specially if it is from one of your friends, you’ll believe the contents in the text messages without a doubt. But beware that text messages from your contacts may actually not be from them.

I recently wrote a post about this, which in fact lead me to write this broader post about general identity spoofing. But what I discussed in that post is that there are websites out there which allow you to send text messages to people setting the sender’s number to anything you want!

People would use methods like this to mass advertise their products, or even worse set one of your friends against you. Think that someone sends a threatening text message to someone you know, setting the sender’s number to your one. When that person get that message, they’ll not doubt that it was from you, leading them to take actions against you!

Why do people do Identity Spoofing?

People may do Identity Spoofing for various reasons. Setting people against each other, advertising their products, or pulling a prank on someone are just few examples. They gain the victims’ trust appearing as someone they know or familiar with, and use that trust for their benefit. When someone finds something to exploit and make something work for his benefit, he’ll always find hundreds of ways to use that.

How to protect yourself from Identity Spoofing?

This is the most important question. We can’t stop people from doing evil or make communication systems without any fault. Someone will eventually find faults in any man made thing. What we can do is preparing ourselves.

Beware that communication systems can’t be trusted completely. Text messages or emails from your friends may actually not be from them. If you receive a message that makes you too sad, too angry, or too happy, or something that looks out of place and out of context, always call the person who you think sent that, and confirm the originality of the message. If someone calls you and you suspect he’s not actually who he claims to be, meet him or call your mutual friends and ask.

Educate your friends and family about dangers like this. Refer them articles like this and enlighten them. So not only you, but they too will know how to react in an event where someone spoof the identity of someone they know. Do it because the “someone” that the culprits fake may be you!


What is your opinion on this? Were you aware of dangers like this earlier and did you know how to act in an event like this? What would you have done? What would you do now? Share them all in the comments section.