Spoofing attacks can be extremely damaging and not just on computer networks. Doron Gellar writes:

The Israeli breaking of the Egyptian military code enabled them to confuse the Egyptian army and air force with false orders. Israeli officers "ordered an Egyptian MiG pilot to release his bombs over the sea instead of carrying out an attack on Israeli positions." When the pilot questioned the veracity of the order, the Israeli intelligence officer gave the pilot details on his wife and family." The pilot indeed dropped his bombs over the Mediterranean and parachuted to safety. Doron Gellar, Israeli Intelligence in the 1967 War

In this case, the pilot had a simple "trusted capabilities index": His legitimate superiors would know him in depth; they'd be aware of "personal entropy" that no outsider should know. He would challenge for this personal entropy essentially, a shared key as a prerequisite for behaving in a manner that obviously violated standard security procedure. (In general, the more damaging the request, the higher the authentication level should be thus we allow anyone to ping us, but we demand higher proof to receive a root shell.) The pilot was tricked Israeli intelligence earned its pay for that day but his methods were reasonably sound. What more could he have done? He might have demanded to hear the voice of his wife, but voices can be recorded. Were he sufficiently paranoid, he might have demanded his wife repeat some sentence back to him, or refer to something that only the two of them...