What is “spoofing”?

The Wise Geek defines it as:

Spoofing is, generally, the act of one person pretending to be someone else, usually in an effort to scam someone or otherwise commit either fraudulent or fairly malicious acts. The word "spoof" is often used in entertainment to mean a type of media that uses imitation to parody another program or work of entertainment. In the sense that it is used in security and fraud, however, spoofing is used because a person is using imitation to appear to be another person or service and gain sensitive information or otherwise maintain an advantage over the unwitting victim.

Different types of spoofing include those involving caller ID, email, and uniform resource locators (URLs). Caller ID spoofing involves the use of a computer program to create an incorrect identity and phone number that appears on a caller ID. The development of caller ID allowed people to readily see who was calling without having to answer the phone. Caller ID spoofing allows a person to make a phone call appear as though it is coming from someone or somewhere else. Programs for caller ID spoofing allow a user to enter any name and phone number he or she wants and have that come up on the display of the receiving person's caller ID.

Email spoofing is the act of sending an email that shows an incorrect and inaccurate "From:" line. This means that someone receiving an email may believe it has come from a person or service he or she knows, when really the email may originate from somewhere else. These types of email spoofs are often used as part of a "phishing" scheme that also typically involves some time of URL spoofing as well.

URL spoofing is when a fraudulent, often malicious, website is set up that appears to be a different, legitimate website to obtain sensitive information. The false websites can sometimes be used to install viruses or Trojans into a user's computer, but more often are used to receive information from a user. These types of spoofing can be used to launch a more elaborate attack.

Does spoofing occur in Iowa and do you have a recent example?

Yes it occurs in Iowa and a most recent example comes to us from the Iowa State Fire Marshal and a fund raising attempt by someone posing as engaged in a fundraiser for the Iowa Firefighter's Association. Here is the public service announcement from the State Fire Marshal.

STATE FIRE MARSHAL WARNS IOWANS OF SUSPICIOUS PHONE SOLICITATION

Des Moines, IOWA --- In conjunction with the Iowa Firefighter's Association the State Fire Marshal's Office is warning Iowans of suspicious phone solicitation regarding fund raising activities.

On November 16, 2010, the Iowa Firefighter's Association received a report of a suspicious phone solicitation where caller ID shows the call as originating from an Urbandale, Iowa phone number.  It appears the caller is "spoofing" the caller ID to hide the caller's phone number.  In this case, the caller was seeking a donation to pay for firefighting equipment and stated they were representing Iowa Firefighters, but gave no specific department or organization.  This call occurred in the Camanche, Iowa area.  The Iowa Firefighter's Association has also received a report of a similar call in Ruthven, Iowa.

The State Fire Marshal and the Iowa Firefighter's Association would like to remind Iowans that they do not participate in phone solicitation programs.  While there are legitimate professional fund-raising companies that are hired by organizations to solicit donations on their behalf, people receiving these calls should be very cautious.   "Legitimate organizations will be quick to provide phone numbers and information so that you can verify that your donation will go where you want it to go.  People receiving phone calls requesting donations must verify that the request is legitimate before making any donation," said Iowa Firefighters Association President Ellen Hagen.  Those interested in making a donation to a charitable organization, should first do their homework.  They should take some time to learn about the group or organization in order to ensure their legitimacy and that their donation is being used for the purpose intended.

The Iowa Attorney General's Office offers these tips to protect the public from fund raising abuses:

• Don't be fooled by a sympathetic name or "pitch".  Some operations use names that promise more than they deliver.  For example, veterans, law enforcement, firefighters, and children's causes clearly deserve generous public support - but some marginal operations claim connections with such groups yet provide them with very little support.  Contact your local sheriff, police department, fire department or veteran's organization to check out claims that a donation "will be used locally."
• Ask Questions.  Reputable charities welcome questions.  Ask how much of your donation will go for the charitable purpose, and exactly how and where your contribution will be used.  Ask if the caller is a professional fundraiser.
• Ask phone solicitors to send written information.  Check out the charity before you make a decision.  Be suspicious if they refuse to send solid information.  Check them out at the national Better Business Bureau "wise giving" site - www.give.org
• Don't be fooled by "look-alike" names.  Some scams use names that sound impressive and are designed to resemble well-respected organizations.
• Don't give your credit card or checking account numbers over the phone to someone you don't know.
• Give directly to a known charity of your choice.  That's always the best option.  Check your telephone directory for a charity's local office and contact the office.

If you think you may have been cheated by a fundraising scheme, write to the Attorney General's Consumer Protection Division, Hoover State Office Building, Des Moines, Iowa  50319, or call (515) 281-5926 or (888) 777-4590 toll free or visit the Attorney General's website at www.IowaAttorneyGeneral.gov

Please check with your local charitable organization before making any contribution and be sure to report any suspicious fund-raising activity to your local police department.