There are clues for detecting a spoof for each of the several mediums discussed on YouSpoof.info. Find the medium you are interested in below and look for clues to see if you have been spoofed.

TEXT/SMS SPOOFING & CALLER ID SPOOFING Text & caller ID spoofs are often difficult to detect as there is a limited amount of data contained within the text or voice caller ID message and very limited tools on most phones which enable a user to detect a spoof.

Clues to detecting a spoofed text message:

1. You receive a message from a commercial company you have a relationship with and you have not specifically signed up to receive text messages.

2. You receive a message asking you for sensitive financial or personal.

3. You receive a message from a recognized person, however it seems wildly out of character for the sender.

4. You receive a message from a familiar sender but the caller ID name and number do not match up. For example if the message comes from "Mom" but the number displayed is incorrect.

Clues to detecting a spoofed voice caller ID message:

1. You receive a call from a representative of a commercial company you have a relationship with asking you for any sensitive information.

2. If the caller ID shows a recognized person but the caller is not the recognized person.

URL SPOOFING

There are several clues which can help you determine if the web site you think you are visiting is a spoof.

1. The address location bar doesn't display the correct domain name/URL for the web site. This is the most commonly spoofed component of URL spoofing. Spoofers use a JavaScript to insert whatever domain name they want into the address location bar in order to deceive the user. For example the location bar might say www.eBay.info but the user might actually be at the web site www.phishingforebaylogins.net. The web page probably looks just like eBay's and keeps track of all log in attempts in order to harvest eBay user ID and passwords.

2. The status line is located at the bottom left of the browsers screen. Move your mouse over a link on a web site and the status line displays the URL where that link goes. Once again this can be a clue but beware because spoofers can also use a JavaScript to insert whatever information they want into the status line bar.

3. Users can glean clues about the URL they are on by viewing the source HTML code from the menu bar to look for re-written URL's. To do so in Internet Explorer look at the top tool bar and click on the view option. From the view option a list of drop down items will display; choose the source option. A notepad pop up will open with the source code for the web page. Look within the source code for bogus URL rewrites. Note that this is tedious and time consuming task and most users are not familiar enough with HTML or JavaScript in order to detect a spoof.

4. The easiest and most reliable clue to detecting URL spoofing is to use the menu bar to view the web page's Properties. For example in Internet Explorer from the top menu choose File and then from the drop down options choose Properties. The Address (URL) of the actual page will be displayed. If it does not match the URL displayed in the address line then the page has been spoofed.

E-MAIL SPOOFING

It is easier to determine if an e-mail is a spoof by reviewing the message the e-mail contains than by using technical tools. For example if an e-mail is from a commercial entity and the message requests that you provide your log in ID or your account will be suspended it is likely a spoofed e-mail. Reputable commercial entities regularly contact their customers by e-mail but they don't ask for log in ID because they already have it.

Another clue is to highlight a link within the suspect e-mail with the mouse cursor and to then look at the status line at the bottom left of the screen. If the URL in the status line and the link your mouse is highlighting do not match up a spoofer is likely at work. Note that because JavaScript can be used to change the status line this method is not fool proof. Overall, this is a good technique because a lot of spoofers do not bother to use the JavaScript to change the status line.

Technical tools include the users viewing the source data for an e-mail. For example, in Outlook Express the message in question is chosen and then by right clicking the mouse the user gets a drop down box. From the drop down box choose Properties and the e-mails source data will be displayed. Usually spoofers will cover their tracks even in the details of the source. Viewing the source is therefore not a reliable tool.

WEB SPOOFING / IP SPOOFING

Use the clues from the URL and E-mail spoofing sections to look for Web and IP spoofing.