What is Email Spoofing?
Email spoofing is a type of email attack that uses falsified sender addresses to trick the recipient into believing that an email is from someone it isn't. An email spoofing attack occurs when a hacker modifies the "From" field in an email to make it look like it came from a legitimate company, person, or organization.
In most cases, these types of attacks are used for phishing purposes.
How is a Spoofing Attack carried out?
There are two ways that spoofing can be done:
- The first is called "open relaying." This means that there are mail servers out there that will accept any email sent to them, even if it doesn't have a valid sender address associated with it. This allows attackers to create emails that appear to come from anywhere they want—even if they don't actually have access to those addresses!
- The second method of spoofing involves using "spoofing software" or "spoofing systems." These are tools designed specifically to create fake messages on behalf of an attacker.
Email Spoofing VS Domain Impersonation
While both may seem similar, there is a fine line of difference between them:
Email Spoofing | Domain Impersonation |
In spoofing email addresses are forged, hence the address looks identical to the original sender’s address. | In an impersonation attack, email addresses are impersonated to look similar to the original sender’s address but not identical. |
Example: janedoe@amcincorp.com | Example: janedoe@ancincorp.com |
Why is Email Spoofing harmful?
Email spoofing attacks can be used to commit fraud, identity theft, and other crimes.
For example,
An attacker could send a fake invoice for services that you never requested and have it appear as if it came from your company's accounting department. Or a scammer could send you a message from someone you know asking for money because they're stuck in a foreign country, then trick you out of your cash by making it look like the request came from them.
Because these messages appear to be coming from someone you trust (like your bank or your company’s domain),they're often more convincing than other types of email fraud attempts. And because they look like legitimate emails, some people don't realize that their information has been compromised until it's too late.
Why do people spoof emails?
There are many reasons why people might want to spoof emails:
- To hide their identity when sending spam or phishing emails (spam is unwanted messages sent for commercial purposes; phishing is when hackers try to trick you into revealing sensitive information like your passwords)
- To get free stuff from companies (e.g., free airline tickets or free electronics) by pretending they're someone else
- To manipulate receivers into initiating wire transfers
- To sell illegal items online
- To spread ransomware and/or malware on operating systems
Why are Spoofing Attacks so common?
These attacks are increasingly common because they're so easy to pull off. All it takes is one person with access to some information about an organization (like its domain name),some free time, and some basic technical skills—and voila! They have everything they need to create convincing emails that go straight into your inbox.
How to protect against Spoofing?
Refrain from Using Public Networks
Public networks aren’t safe as threat actors can position themselves between you and the network source. Thus, it’s suggested to use VPN.
Apply Multi-factor Authentication
Multi-factor authentication or MFA adds additional layers of security and includes OTP, biometric detection, ‘allow’ notification on the phone, etc.
Use Email Authentication protocols
Implementing email authentication protocols like SPF, DKIM, and DMARC can help prevent spoofing attacks done using your email domain.
We will learn more about this in the following modules.
Hover Over a URL Before Clicking it
Avoid clicking on unrecognized or dubious links in email messages. It’s better to hover your cursor over it without clicking it. You can see the URL on the bottom left of the screen; visit it only if you feel it’s taking you to a safe website.
Other Types of Spoofing
ARP Spoofing
In an ARP Spoofing attack, a hacker sends out fake ARP (Address Resolution Protocol) messages to trick other devices into believing they’re talking to someone else. The hacker can intercept and monitor data as it flows between two devices.
SMS Spoofing
SMS Spoofing works by disguising the real sender’s phone number or identity in an SMS message so that it appears to come from a different device.
Display Name Spoofing
Display Name Spoofing is an email scam perpetrated by fraudsters who use someone’s real name (known to the recipient) as the display name for their emails.
Phone Number Spoofing
This is a practice typically associated with telephone calls or texts and involves using fake caller ID to mask the true source of incoming calls that appear to originate from your number, when in fact they originate from elsewhere.
IP Spoofing
It’s when a user or program attempts to transmit packets with an IP address that they are not authorized to use.
What is SPF? Free2 m
Video Introduction to SPF Free1 m 41 s- A Brief History of SPF Free1 m
- How does SPF work? Free2 m
- SPF Tags: Syntax of an SPF Record Explained Free3 m
- How to create and publish SPF records? Free2 m
- SPF Authentication Failures Free3 m
- Video Explanation: SPF PermError Free1 m 39 s
Quiz 430 m
- What is DMARC? Free1 m
- Video Introduction to DMARC Free1 m 15 s
- A Brief History of DMARC Free1 m
- How does DMARC work? Free2 m
- What is DMARC Policy? : None, Quarantine & Reject Free2 m
- Video Explanation: DMARC Policy Free1 m 40 s
- DMARC Tags Free2 m
- DMARC Aggregate (RUA) Reports Free3 m
- DMARC Forensic (RUF) Reports Free2 m
- How to Create and Publish a DMARC Record? Free3 m
- DMARC Authentication Failures Free3 m
- Video Explanation: Why does DMARC Fail? Free1 m 37 s
- Quiz 630 m