Skip to content

What Is Email Spoofing – And How Does It Work?

A phone and laptop displaying emails unread

Cyber criminals and spammers use email spoofing to trick email recipients into believing that they have received a message from someone they know or an account they trust. 

To commit an email spoofing attack, the attacker forges a fake email header. It displays a familiar (but fraudulent!) name to the recipient. 

Because most people take for granted that an email is from who it says it is from, they don’t notice when an email comes from a spoofed account. These emails will usually prompt them to click malicious links or download files with malware attached. 

In organized corporate attacks, email spoofing can lead to the theft of sensitive data and funds. 

How Does Email Spoofing Work?

Spoofing schemes can be relatively simple or quite complex. 

The attack starts when a sender uses a basic script to configure the “sender” field with whatever email address they want. That means that the sender’s own email address is hidden, and the receiver sees a trusted email address instead. 

The most widely used email protocol is Simple Mail Transfer Protocol (SMTP). The SMTP server identifies the recipient’s domain and routes the message to the appropriate server. After this step, the email goes into the recipient’s inbox. 

That means that the message actually travels through multiple servers. Each server’s IP address is included in the email header, but very few people look at those headers. Opening and clicking on links and attachments in emails is an automatic process for countless email users. But it opens them up to these attacks. 

What Is the Purpose of Email Spoofing?

The scammer’s goal is to convince you, the email recipient, that you have received an email from someone you know or a sender you trust. This can include individuals in your address book or organizations and companies you are familiar with and may have an account with. 

These scammers spoof trusted email accounts because they want to take advantage of your trust. They want you to open the links that they include or download the attachments. They may also ask you for sensitive information, such as log-ins, passwords, and bank information. 

Email spoofers will target individuals and corporations. 

The Most Common Reasons for a Scammer to Commit Email Spoofing

It hides their true identity. A spoofed email’s real recipient is hidden. Without a Sender Policy Framework (SPF), the sender’s identity can be protected. 

It helps them to avoid getting sent to spam. Spam filtering is great for users, but bad for spammers. A hacker can use a spoofed email to make their email look legitimate and bypass the filters. 

It is a good way to commit identity theft. By spoofing a trusted person or account, the hacker can make themselves look trustworthy. They can use this trust to coerce their target to send them sensitive information. 

Is Email Spoofing the Same Thing as Phishing?

Spoofing and phishing often occur at the same time, but they are not the exact same thing. 

Email spoofing is an act of identity theft. Phishing is an act of manipulating an individual in order to gain access to sensitive information. 

Although email spoofing is one of the many methods that hackers or scammers will use in a phishing scam, they are not the same. 

Examples of Email Spoofing

An email spoofer might create an email that looks like it came from your bank. When you receive the email, it is designed to look very close to the usual emails you get from your bank. The goal is to make it similar enough that it convinces you it’s genuine.

At first glance, the email looks like it came from your bank. The display name could say your bank, or even the domain name.

If the fake bank email says that you have to click a link in order to avoid having your account shut down or investigated for fraud, you may be startled enough to click it. While many people think, “I would never fall for spoofing,” the fact is that these attacks can be very sophisticated and difficult to spot. 

Cyber criminals use email spoofing because it is effective! In fact, 90% of cyber attacks begin with a phishing email, and many of those are from spoofed addresses.

A laptop and a woman's hand reaching out

What Happens When an Email Spoofing Scam Is Successful?

The impacts of these spoofing scams can be detrimental to individuals and businesses. 

For example, if an employee of a corporation receives an email that looks like it is from the CEO of the business, they are more likely to comply with the request because it seems that they could face consequences at work if they don’t. 

Numerous good employees have been tricked into sending money to their company’s CEO or another executive – and it actually goes to a scammer. This is called CEO Fraud or Business Email Compromise (BEC).

The damages can be massive. In 2016, a group of high-ranking executives at Mattel sent $3 million to scammers who had successfully spoofed the email address of their CEO, Christopher Sinclair. Fortunately, they were able to get their money back. 

Attacks can also be based on a small scale. For example, a scammer might send emails to a large number of recipients from a trusted brand, asking them to log in to change their password or confirm this information. This may or may not be accompanied by a threat of the account being locked or shut down. 

When the recipient goes to log in, they provide their login credentials to the hacker. The hacker can now access anything in that account, including saved personal information and even banking details. 

How to Check if an Email Was Spoofed

Everyone needs to be aware of how to recognize a spoofed email. Use these steps to protect yourself from phishing scams that start with a spoofed account. 

  1. Maintain vigilance about emails that you receive, especially if they are prompting you to log in to an account, open an attachment, or respond with personal information. 
  2. Check the display name of the sender and the email address to see if they match. 
  3. Look at the email signature. Does any of the information set off any red flags? For example, does the signature use a different name or area code? 
  4. Look at the email headers and check to see if the RECEIVED line matches the email address that appears in the sender field of your email. 

You can also determine if the email passes testing for spoofing based on whether your email account uses SPF, DKIM, or DMARC. 

If you have SPF, look for the header titled: RECEIVED-SPF. The field should say Pass. if it says Fail or Softfail, you are likely looking at a spoofing situation. 

If your email account uses DKIM and DMARC, then look for AUTHENTICATION-RESULTS instead of SPF. This will identify if the email was authenticated according to DKIM and DMARC protocols. 

When to Be Suspicious That Spoofing Has Occurred

Some spoofing attacks are more common than others. If you keep your guard up and know what these common attacks look like, you are less likely to fall for one. 

  • Watch out for unsolicited emails from companies that aren’t just advertising, but are asking you to do something, like log in or change your password. 
  • Take note of poor spelling and grammar from brands and companies. 
  • Look at the email address and check for weird addresses, typos, or bizarre titles. 
  • Be especially skeptical any time you are asked for a password, username, or account number. 
  • Don’t trust any unsolicited email that tells you that you need to pay for something in Bitcoin or another cryptocurrency
  • The IRS will never email you requesting information from you. 
  • Scammers will often send emails from FedEx, UPS, USPS, and other shipping agencies, claiming that you owe taxes or customs fees on items that you don’t remember purchasing. 

If you learn to avoid falling for email spoofing, you will have a safer and much better online experience!

Related Articles

All
  • All
  • Easy Prey Podcast
  • General Topics
  • Home Computing
  • IP Addresses
  • Networking Basics: Learn How Networks Work
  • Online Privacy
  • Online Safety
  • Uncategorized
Secure browsing with CyberGhost VPN Chrome Extension

Stay Secure with CyberGhost VPN Chrome Extension

Why Do You Need a VPN? VPNs keep your online activity private by encrypting your traffic and…

[Read More]
Beckly Holmes talks about romance fraud and what most people don't understand about it.

Myths, Misconceptions, and Misunderstandings about Romance Fraud

The media loves to sensationalize romance fraud and scams. Unfortunately, that leads to a lot of misconceptions…

[Read More]
Annoying viral requests sent to your facebook

7 most annoying viral requests people post on their Facebook pages

We’ve all experienced annoying viral requests that seem to crop out of nowhere on Facebook. The kid…

[Read More]
IP Addressing and Converting IP Addresses to Hex

Understanding IP Addressing and How to Convert IP Addresses to Hex

If you’re unfamiliar with number systems like binary and hexadecimal, stay tuned. Understanding how these systems work…

[Read More]
Section 230 currently grants online platforms immunity from liability for user-generated content.

The Threat of Repealing Section 230 and What it Means for Online Forums

In the early rise of the online age, website and Internet developers were flying blind. The amazing…

[Read More]
Tools and Techniques Used in Unmasking Online Identities

Tools and Techniques Used in Unmasking Online Identities

As we collectively increase our social media interactions with strangers, more and more of us may create…

[Read More]