Investor Alert: Spoofing and Phishing - Communications Disguised to Steal Your Money and Information
Investor Alert: Spoofing and Phishing
Communications Disguised to Steal Your Money and Information
One of the top 20 scams in 2026 reported by the FBI in the US is Spoofing and Phishing.
Spoofing is when a scammer disguises themselves in an email address, sender name, phone number, or website URL and this is done by changing one letter, symbol, or number. Scammers do this to convince you that you are interacting with a trusted person or source. The scammers try to impersonate and disguise themselves as financial institutions like banks, government agencies requesting unpaid fines, or investment apps that look so very similar to the real app.
For example, you might receive an email that looks like it’s from your bank, a company you’ve done business with, but it isn’t, it’s a scammer using the trust you have in this source. They use this instilled trust to make you do unusual steps with your money.
Scammers count on being able to manipulate your trust and emotions into believing that these spoofed communications are real. Without taking a moment to pause and verify the legitimacy of communications, it can lead you to download malicious software, send money, or share personal, financial, or other sensitive information.
Phishing schemes often use spoofing tactics to lure you in and get you to trust them. These scams are designed to trick you into trusting them into thinking you are communicating with a legitimate source and giving information to criminals that they can possibly use to rob you of money and identity.
Currently reported by news stations nationwide, you might receive a call, text, or email from your bank but really, it’s a spoof scammer. These communications require you to move your money quickly, and to access your computer quickly, or get into your bank account quickly.
The FBI states, “But once you click on that link, you’re sent to a spoofed website that might look nearly identical to the real thing—like your bank or credit card site—and asked to enter sensitive information like passwords, credit card numbers, banking PINs, etc. These fake websites are used solely to steal your information.”
Phishing scams can happen to anyone. It can happen via call or text, voice email, or VoIP (voice over internet protocol) calls. It can also happen when malicious code is installed on your computer to redirect you to fake websites.
Here are tips the FBI shares about how to protect yourself:
- Legitimate companies generally don’t ask for your username or password or code.
- Don’t click on anything in an unsolicited email or text message.
- Look up the company’s phone number on your own (don’t use the one a potential scammer is providing) and call the company to ask if the request is legitimate.
- Carefully examine the email address, URL, and spelling used in any correspondence.
- Scammers use slight differences to trick your eye and gain your trust.
- Never open an email attachment from someone you don’t know and be wary of email attachments forwarded to you.
- Set up two-factor (or multi-factor) authentication on any account that allows it and never disable it.
- Be careful with what information you share online or on social media. By openly sharing things like pet names, schools you attended, family members, and your birthday, you can give a scammer all the information they need to guess your password or answer your security questions.