Put simply, ‘spoofing’ is a means of controlling the reported position and time of a GNSS receiver. Spoofing has now been well demonstrated in the experimental context, but until a few years ago it was regarded as “…a bit like UFOs: much speculation, occasional alarms at suspected instances, but little real-world evidence of its existence” (Ref. 1). In the intervening years spoofing has transformed from a research laboratory into an emerging threat. In this paper we focus on radio-frequency attack as the primary method of spoofing. However there is also the possibility of cyber-attack on GNSS systems, in which there is interception and modification of computed position between the receiver and application. It had perhaps previously been considered that the technology and know-how “barrier to entry” to produce an effective spoofer was itself a significant deterrent. However, the commercial availability of inexpensive (sub £250) software defined radio systems, low-cost computing and open-source GNSS signal generator software has all but eliminated this barrier. This paper will consider various methods of spoofing, means of detecting spoofing through analysis of signal anomalies and also mitigation of spoofing at the physical layer via the antenna and signal processing and at the software application layer through the detection of anomalies.