What is an Email Spoofing?

Email spoofing refers to the creation of fraudulent email messages that appear to be sent from a legitimate source, but in reality, are sent from an unauthorized or fake source. The main aim of email spoofing is to trick the recipient into believing that the message is genuine and to take some specific action, such as clicking on a malicious link, downloading an infected attachment, or providing sensitive information like passwords or financial details.

Email spoofing is usually accomplished by manipulating the headers of an email message, particularly the "From" field. The attacker modifies the email headers to make it appear as if the message was sent from a legitimate domain, such as a bank, a well-known company, or a government agency. The attacker may also use the same font, logo, and style as the genuine sender to make the message appear authentic.

Spoofed emails can be dangerous because they often try to trick recipients into taking an action that is harmful to them or their organization. For example, a spoofed email might contain a link to a phishing website that looks like a legitimate login page, or an attachment that contains malware. If a recipient falls for the scam, their personal and financial information could be compromised, or their device could become infected with malware.

To protect against email spoofing, it is important to be vigilant and to critically evaluate the authenticity of every email message before taking any action. This can include checking the sender's email address, looking for unusual or suspicious language, and avoiding clicking on links or downloading attachments from unknown or untrusted sources. It is also a good idea to use email filtering tools that can detect and block spoofed emails, and to educate employees about the dangers of email spoofing and how to recognize it.

Simplified Example

Email spoofing is like pretending to be someone else on the phone. Imagine you call your friend and pretend to be their favorite movie star. Your friend might believe it's really the movie star and start telling you their secrets or asking for your autograph. That's similar to what happens in email spoofing.

An attacker creates a fake email and pretends to be someone else, like a bank or a teacher. The email might look exactly like a real one from that person, with the same font and colors. The attacker might ask for important information, like passwords or money. Just like your friend might give you their secrets on the phone, people might give the attacker important information if they believe the fake email is real.

So, just like you should be careful when someone pretends to be someone else on the phone, you should also be careful when you get an email. Make sure it's from who it says it's from before you share any important information.

History of the Term "Email Spoofing"

The roots of deception and forged identities predate the advent of email, with historical instances of forged documents and signatures. The early email systems of the 1960s and 1970s lacked robust authentication, presenting vulnerabilities for potential abuse. During this time, early internet pioneers and hackers likely experimented with manipulating email headers, sending messages with forged sender addresses. As email usage surged in the 1980s and 1990s, the prevalence of forged emails became a notable issue. Technical reports and discussions within the internet community initially addressed the problem using informal terms like "forged mail" or "sender address manipulation." By the late 1990s, the term "email spoofing" emerged as a more specific and descriptive label, gaining traction among technical communities before eventually permeating mainstream media and public discourse.


Phishing scams: A common example of email spoofing is a phishing scam, where the attacker creates a fake email that appears to be from a legitimate organization, such as a bank, an online retailer, or a government agency. The email may ask the recipient to provide sensitive information, such as login credentials or financial information, or to click on a link to a fake website that is designed to steal this information.

Executive impersonation: In this type of email spoofing, the attacker creates an email that appears to be from a high-level executive within an organization, such as the CEO or CFO. The email may instruct employees to transfer money to a specific bank account, or to provide sensitive information such as passwords or confidential data.

Invoice scams: Another popular example of email spoofing is an invoice scam, where the attacker creates a fake email that appears to be from a supplier or vendor. The email may contain an attachment that is a fake invoice or a link to a fake website where the recipient is asked to make a payment. The attacker's goal is to trick the recipient into sending money to a fraudulent account.

  • Phishing: A type of cybercrime that involves tricking individuals into giving away sensitive information, such as passwords, credit card numbers, and other personal information.

  • Replay Attack: A type of cyber attack that occurs when a malicious actor intercepts a valid network transmission and then retransmits it at a later time.