This tag addresses spoofing techniques used by attackers to impersonate trusted entities across email, phone calls, IP addresses, and websites. Articles explain how spoofing works technically, the risks it poses, and the detection and prevention methods available to individuals and security teams.
posts
In July 2020, a seventeen-year-old in Florida used phone-based spoofing and social engineering to compromise internal Twitter tools, hijacking the verified accounts of Barack Obama, Elon Musk, Jeff Bezos, and Apple. The attackers impersonated IT staff during phone calls to Twitter employees, spoofing caller IDs to appear legitimate. Within hours,
In July 2021, the FBI's Internet Crime Complaint Center reported that business email compromise — overwhelmingly powered by spoof techniques — cost victims over $1.8 billion in 2020 alone. That made it the single most financially damaging category of cybercrime they tracked. Not ransomware. Not credential theft. Spoofing-driven impersonation.
In July 2020, attackers spoofed internal Twitter tools to hijack 130 high-profile accounts — including Barack Obama, Elon Musk, and Apple — and ran a Bitcoin scam that netted over $100,000 in hours. The attack didn't rely on some exotic zero-day exploit. It relied on spoofing: making something fake
In 2023, a finance employee at the multinational firm Arup wired $25 million to threat actors after a deepfake video call that spoofed the company's CFO and several colleagues. Every face on the screen was fake. Every voice was synthesized. The employee had no reason to doubt what
A CFO, a Spoofed Email, and a $37 Million Wire Transfer In 2024, the FBI's Internet Crime Complaint Center (IC3) continued reporting staggering losses from business email compromise — a category where spoofing is the engine that makes the scam work. Threat actors forge sender addresses, manipulate caller IDs,
The CEO Email That Cost a Company $47 Million In 2015, Ubiquiti Networks disclosed that attackers impersonating company executives via spoofed emails tricked employees into wiring $46.7 million to overseas accounts. The emails looked legitimate. The sender addresses appeared correct. No malware was involved. The entire attack hinged on
In 2023, the FBI's Internet Crime Complaint Center received over 298,000 complaints related to phishing and spoofing — making it the number one reported cybercrime category for the fifth year running. That wasn't a fluke. Spoofing is the backbone of almost every major social engineering campaign
