Skip to main content

Keeping you cybersafe

What to know about spoofing and its counterpart — script spoofing.

March 2023 Time to read 2 min read

Fraudsters know one thing’s for sure—humans don’t hand over their personal information willingly. That’s why they’re so skilled in the art of deception. They’re also taking advantage of our dependency on handheld devices. The smaller the screen, the easier it is to miss important red flags…

Digital deception isn’t going anywhere. In fact, it’ll only grow more sophisticated. Here’s what to look out for to keep you safe.

Spoofing: When a text, email or website is mimicked by a cybercriminal to trick you into thinking it’s from a legitimate organization.

Chances are very high that you’ve already come across this before. It’s the email that looks like it’s coming from Costco—complete with logo urging you to “click here for your free reward.” It’s the text that’s supposedly from the CRA, requesting you to call a certain number to “confirm” personal details. The list goes on.

Script spoofing: when a cybercriminal stealthily impersonates an email or web address.

We’re talking extremely subtle impersonation. Think a web address with a word misspelled by one letter ( for example) or using the number ‘0’ instead of an uppercase ‘O’ in an email address. As you can imagine, script spoofing is hard to catch, especially on the small screen. People mistake the script spoofing for the real deal, click the link and the spoofing continues.

What can I do to guard against spoofing & script spoofing?  

  • Before clicking on hyperlinks within emails and websites, hover over the link to confirm where it leads is where you want to go.  
  • Use a trusted web browser to open links, as they’re more likely to block script spoofing.
  • Perform regular system updates on your computer and personal devices. Updates contain important patches and other security measures that will help safeguard you from visiting fraudulent websites.
  • When in doubt, do a little investigation. Most companies and government agencies will post on their website or social pages if a spoofing attempt is making the rounds. If you get an email, from your financial institution or credit card provider for example, and want to verify its legitimacy, search their phone number on their website (do not use the one provided in the email!) and call them to confirm.
  • Follow the Canadian Centre for Cyber Security on Twitter (@cybercentre_ca) or check out their website regularly for their latest cyber fraud bulletins. The Canadian Anti-Fraud Centre (@canantifraud on Twitter) is another good one for all things fraud related.
  • You can also find fraud related resources by following Coastal Community’s social pages. To keep us in your feed, be sure to engage with one of our posts through a like or comment.
  • And finally, trust your gut. This is so important as scams evolve and grow more sophisticated. Consider why you might be getting an unsolicited email or text. Question it if they’re using a sense of urgency or peddling a “too good to be true” offer. Assess the communication for discrepancies. If something doesn’t look or feel right, take that as a warning sign.

In 2022 alone, Canadians lost over $500 million to fraud. It’s a lucrative business that isn’t going anywhere. So stay aware and encourage friends and loved ones to do the same.

PS — A quick note on spoofing and phishing. Spoofing describes the impersonation tactics used during a phishing attempt (which is the communication itself, whether it’s an email, text, phone call or even a letter!).