10/27/2025
Hello all, I have been out of the loop on the socials this year and would like to personally thank Michelle for taking over the reigns. She does a way better job than I could do, must be more patient than I, and is much more savvy in the tech than I.
However..... I still keep this responsibility:
Hello everyone, as we careen through October and look forward to the holiday season we bring you a refresh of an older post.
Since scammers are trying to steal your money by posing as an official Cape Charles entity,
“https://www.capecharles.org/planning-zoning/page/scammers-sending-fraudulent-invoices”
I feel it is time to reiterate something that we went over a few year ago. Especially for those who are not as tech or internet savvy as others.
There is a continuing scam going on now. The bad guys are "spoofing" phone numbers of major banks.. and maybe smaller ones as well, insurance companies, and investment brokers.
Your phone will ring (cell phones are more likely to receive these), and your display will say "Wells Fargo.. Or CitiBank, or Charles Schwab or Farmers Insurance.... then you answer.. I mean why wouldn't you? It's a bank, or a broker, or an insurance company.
These calls will sound totally legitimate.. The friendly, accent-free caller will tell you it is being recorded, and will even go as far to tell you that you should not give out your personal info to anyone... then they will ask you for info.
DO NOT.. I REPEAT DO NOT GIVE ANY INFO TO ANYONE WHO CALLS YOU.
Banks, Insurers, investment companies etc. will not call you, or Text you.. they will either email you or send out an actual letter.
Also, if you receive an email from some a company, DO NOT CLICK ON THE LINK ON THE EMAIL, they are doing tricks like inserting a Cyrillic "a" instead of the English keyboard "a" thus sending you to a different website that looks legitimate.
Always go to websites through your saved bookmarks
WHAT IS SPOOFING?
A spoofing attack is a type of cyberattack where a threat actor disguises their identity when contacting a potential victim, so the contact appears legitimate. Spoofing is utilized by threat actors to establish a known or trusted identity with a target, and depending on an attack’s objectives, to subsequently gain access to information, launch malware, steal data, or another malicious act.
TYPES OF SPOOFING:
1. Caller ID spoofing. Caller ID spoofing frequently relies on Voice over Internet Protocol (VoIP) technology or web-based spoofing platforms to intentionally falsify the phone number that is relayed to the target’s caller ID to make it appear that the call is coming from a different number. Bad actors will commonly use phone numbers associated with a specific person or entity, or a specific area code or geographical location to help increase the likelihood of a target answering. Emails sent via spoofed email addresses may be used in conjunction with voice calls to help add credibility to the scam.
2. Text message or SMS spoofing. This tactic involves a threat actor texting a target using a manipulated phone number designed to mimic a number that is legitimate or otherwise familiar to the target. The perceived legitimacy or familiarity of the number, and the caller or entity it is associated with, is a means to get the target to click a link, provide information, or take another action to advance an attack.
3. Domain spoofing. While domain spoofing and website spoofing (below) are sometimes used interchangeably, domain spoofing involves creating a domain name that by design, resembles another commonly used and trusted domain. This can be accomplished by using letters or characters to mimic those used in the domain that is being copied. One example of this would be using two ‘v’s in place of a ‘w.’ The spoofed domain can then be used to create email addresses and websites that can be used as part of an attack.
4. Website spoofing. Website spoofing occurs when a threat actor creates a website that appears legitimate, with the purpose of advancing an attack by tricking a user into entering information or providing valuable data. Website spoofing is frequently used as part of phishing or smishing attacks, where the link provided directs targets to a forged website designed to steal login credentials or get users to download malicious code.
5. Email spoofing. In email spoofing attacks, the email header, which includes the sender’s name, address, and other fields, is forged with fraudulent information – enabling bad actors to mask their true identities and impersonate legitimate senders. Email spoofing attacks are possible because simple mail transfer protocol (SMTP), the protocol used in sending and receiving e-mail, was built without security when it was originally created. Spoofed emails take advantage of this missing security layer to manipulate email systems so that the fraudulent sender information appears in the recipient’s inbox. This type of spoofing is often used in phishing attacks and can be highly tailored to target specific individuals as part of spear phishing attacks.
Another thing they will use to get you is this:
Your phone rings, you pick it up and you say "Hello", another (probably recorded) voice will ask "Can you hear me?".. (our normal conversational skills would have us say "yes"), you have just approved something, and your voice is recorded saying "yes", now the scammers have your voice saying "yes"... this can and has led to bad actors using it for bank fraud.
Here is a good alternative.
When your phone rings, DO NOT answer with "Hello", but with Good Morning, Good Afternoon, or Good Evening, followed by your name.. or a fake name. Both of us do this in our home... "Good Afternoon, this is ____" . This messes with the scammers algorithm and usually gets a hangup.
And last but not least, no legitimate organization, NONE, will ask for Amazon, Apple, Kroger, Walmart etc. gift cards for payment. Not Paypal, not Ebay, not the IRS, not the local police fund, ABSOLUTELY NO ONE!!... Please read this again.
Be vigilant my friends.
