Skip to main content

Website Spoofing - Scammers Disguised As Trusted Brand

Most people are familiar with the way scammers spoof phone numbers to use for robocalls and robotext messages.

Spoofing, which can also take the form of email and text spoofing, is when someone misrepresents themselves or an organization in an attempt to:

  • Gain our confidence
  • Get access to our systems
  • Steal data or money
  • Spread malware

Website Spoofing Occurs In 2 Ways:

1. As a form of business identity theft.

  • Also called website defacement, this happens when criminals create a fake website misrepresenting a legitimate business. Customers are lured to the site under false pretenses.
  • An example would be when criminals create a phony website that impersonates the identity of a legitimate business like a car dealership and advertises low prices to scam people into making deposits for vehicles that don’t exist. Acts like this can irreparably harm a company’s reputation.

2. Redirecting with masked URLs.

  • URL masking is a technique used to hide the true URL of a website behind a different URL. For example, might become
  • Scammers make a fake website look legitimate with a familiar logo and spoofed URL.
  • You receive a counterfeit email from PayPal or Amazon asking about transactions you never made. Concern about your account may convince you to click the provided link, which takes you to a fake login page where you enter your username and password.

Website spoofing can hurt businesses and individuals, resulting in long-lasting harm by:

  • Damaging the company’s reputation;
  • Causing a loss of customer trust;
  • Financial losses for businesses related to remediating the damage; and
  • Financial losses for consumers after inadvertently providing personal information.

Protect Yourself Against Spoofing

The Better Business Bureau provides the following tips to avoid spoofed websites.

  • Examine the domain name and watch out for subdomains. A spoofed website might have a URL or domain name that closely matches the real one. The spoofed site might also have a subdomain that contains the site’s real name.
  • Be cautious about clicking links in emails and social media accounts. The email may resemble those from a familiar company, but before clicking a link, you should hover over it with your mouse to reveal its true URL. If the URL doesn’t match the blue text of the link, don’t click it.
  • Pay attention to the website design quality. Does the website’s appearance measure up to the company you know? Low-quality design and misspellings can point to a spoofed website.
  • Use a fake website checker. Tools like Google’s Safe Browsing tool can help you determine if a website is real or legitimate.

To report fraud or if you have a general consumer complaint, you may file a complaint with the Attorney General’s Consumer Protection Team.


Consumer Protection Team

P.O. Box 30213
Lansing, MI 48909
Fax: 517-241-3771
Toll-free: 877-765-8388
Online complaint form