Due to scheduled maintenance, Online Banking, Mobile Banking, and Tellerphone systems will be intermittently unavailable on Sunday, October 24 between 12:00am and 5:00am MDT.
By Ashleigh, K-Staff
We often write about the various methods that fraudsters and criminals use to steal info and money from victims. Sometimes, the attempt is relatively obvious. Other methods, like a well-done spoof, are more difficult to detect.
In late February, a local New Mexico school district warned parents about a spoofed website, built to look virtually identical to the real school district website. The website was well done, the fake good enough to not be obvious at first glance. But it held many of the hallmarks of a spoofed website—if you knew where to look.
A spoofed website is a site built to mimic a legitimate website for malicious purposes. A spoofed bank site, for example, could fool customers and members into entering their banking login information, exposing it to the criminals. Another high-profile example of spoofing occurred in November 2020. The FBI issued a warning that several spoofed websites mimicking the federal agency’s official site. According to the FBI:
Some of the spoofed domains are highly suspicious; but others could easily be mistaking for an official FBI page.
A domain that is similar to a legitimate domain but not identical is a hallmark of a spoofed website. For example, our website domain is https://kirtlandfcu.org/. A hypothetical spoofed domain could be close to the original (kirtlandfederalcu.org) or add a subdomain (kirtlandfcu.moneyspoof.com) to fool you into thinking it’s the real Kirtland FCU site.
In the school district incident, the spoofed domain had a single extra letter: rrps.net vs. rrpss.net.
With a spoofed domain, a fraudster can also create email addresses with that domain in order to extend the deceit to inboxes. So be sure to check any domain of an email address before you decide to open it or interact with it.
A good spoof can look identical to the legitimate site it’s purporting to be. But there are signs that you aren’t looking at the real website. Here is what the FBI says you can do to spot a spoof and keep yourself safe: