Script spoofing: What it is and how you can protect yourself

Script spoofing SpoofingA website or email address that is created to look like it comes from a legitimate source. An email address may even include your own name, or the name of someone you know, making it difficult to discern whether the sender is real. is a newer tactic that some cyber criminals are using to scam their victims.

Spoofing is when a cyber criminal makes their malicious website or email address look like a legitimate source of information. In script spoofing, cyber criminals impersonate a trusted domain name Domain nameA name owned by a person or organization and consisting of an alphabetical or alphanumeric sequence followed by a suffix indicating the top-level domain: used as an internet address to identify the location of particular web pages (e.g. .gc, .ca). by deliberately — and often very subtly — misspelling the website or email address. This lets them distribute malware to your device or trick you into sharing sensitive information. The ‘script’ part of script spoofing refers to words, letters, numbers, and special characters that look correct but are actually visually similar characters.

For example, an email from info@amαzon.com seems to come from Amazon’s official email. But if you look closely, you’ll see that what looks like the second “a” in the Amazon domain name is actually the Cyrillic character “α”. Script spoofing can also be as simple as using the number “0” instead of the capital letter “O”, or the number “1” instead of a lowercase “L” or uppercase “I”.

The characters that cyber criminals use can easily be confused with their legitimate counterparts, which can make script spoofing tough to spot.

How to protect yourself against script spoofing

Using a web browser Browser(Web browser) A program that allows a user to find, view, hear, and interact with material on the internet, including text, graphics, sound, and video. on a computer can be your first line of defence against script spoofing attacks. Some web browsers can block BlockTo stop a computer from reaching something on the internet, or, on social media, to stop a user from contacting you. script spoofing as an extra layer of protection.

A web browser on a computer lets you view the entire URL URL(Uniform Resource Locator) Uniform Resource Locator is the technical term for the address (location) of a resource on the internet such as a website or file. , which can help you determine whether it is a legitimate site or not. While browsing the web, be cautious and hover your mouse over any hyperlinked text to confirm where it leads before you click on it. It’s a good habit that may save you from clicking on a malicious link LinkSee Hyperlink. .

But since no web browser can detect every script spoofing attempt, this shouldn’t be the only protection you rely on. It is always a good idea to perform system updates, especially on your web browser. Updates contain essential patches that are designed to deter cyber criminals and can help protect against script spoofing.

Be extra cautious when surfing the web on a mobile device. The smaller the screen, the less likely you are to see the entire URL of the website. When you want to visit a website, instead of clicking a link, it is a good idea to type in the name of the website in your web browser so that the browser can redirect you to the right place. Cyber criminals hide script spoofing tactics in emails, chat ChatAn online conversation where a person can continually read messages from others and then type and send a message reply. messages, social media Social mediaInternet-based tools that allow people to listen, interact, engage, and collaborate with each other. Popular social media platforms include Facebook, YouTube, LinkedIn, and Twitter. , and other publicly available platforms.

If you think you’ve received a spoofed message, don’t open any attachments or click on links. Instead, if the message appears to be from a service provider, use your browser to log into your account as you normally would and see if there are any alerts on the official website.

Always keep an eye out for script spoofed characters in email addresses and links. Script spoofing messages will often also have similar red flags as phishing messages. This includes things like grammar or spelling mistakes, poor formatting or urgent or threatening language. Remember — if the message seems too good to be true, it probably is.

You should also consider enabling a free DNS firewall FirewallA security barrier placed between two networks that controls the amount and kinds of traffic that may pass between the two. This protects local system resources from being accessed from the outside. , such as CIRA Canadian Shield. CIRA Canadian Shield identifies malicious websites and then prevents you from accessing them.

If you think that you have been the victim of a script spoofing attack, you can report it to the Canadian Centre for Cyber Security.

Conclusion

Now that you know what script spoofing is and the signs to watch out for, you can better protect yourself against it. It’s always better to take a few extra minutes to confirm whether the link you’re clicking is legitimate or not than to be scammed by a cyber criminal.