Unmanned Aerial Systems (UAVs, drones), initially known only for their military applications, are becoming increasingly popular in the civil sector as well. In the military domain, drones have already proven themselves a potent force multiplier through unmanned, round-the-clock, long-range and high-endurance missions for surveillance, reconnaissance, search and rescue, and even armed combat. With the emergence of the Internet of Things (IoT), commercial deployments of drones are also growing exponentially, ranging from cargo and taxi services to agriculture, disaster relief, risk assessment and monitoring of critical infrastructure. Irrespective of the deployment sector, drones are often entrusted with safety-, time- and liability-critical tasks, and therefore require secure, robust and trustworthy operation. However, the rising demand for UAVs, coupled with market pressure to reduce size, weight, power and cost (SWaP-C), has often led vendors to ignore security, introducing serious safety and security threats. Because UAVs rely on the Global Positioning System (GPS) for positioning and navigation, they can fall prey to GPS jamming and spoofing attacks. The vulnerability of GPS to spoofing has serious implications for UAVs: victim drones using civil GPS can be misdirected or even completely hijacked for malicious purposes, as already demonstrated in several academic research efforts using commercially available GPS spoofing hardware. Besides UAVs, GPS spoofing attacks are equally applicable to other GPS-dependent platforms, including manned aircraft, ground vehicles, and cellular systems. This paper conducts a comprehensive review of GPS spoofing threats, with a special focus on their applicability to UAVs and other GPS-dependent mobile platforms.
It presents a novel taxonomy of GPS spoofing attacks and critically analyzes different spoofing techniques based on the placement of the spoofing device, attack stealthiness, attack methodologies, and the objectives of the attacker. We also discuss some recent experiments from the open literature that used commercially available hardware to successfully conduct spoofing attacks.