Skip to main content
  1. Home
  2. Computing
  3. Evergreens

What is email spoofing?

Add as a preferred source on Google

As phishing attempts grow more advanced, so do the efforts to imitate real organizations, which make it easier to trick unsuspecting recipients into divulging valuable information or assets. A common tactic here is spoofing an email, or making it look like it came from somewhere it didn’t.

Let’s take a look at what email spoofing means, how it affects you, and what to watch for.

Woman using a laptop next to a latte.
Image used with permission by copyright holder

What is email spoofing?

Spoofing occurs when an email is sent with a faked sender address, designed to make it look like the email came from a source that it did not.

Recommended Videos

Email spoofing is frequently used in phishing attacks, attempts to get unsuspecting people or businesses to divulge personal information or even send money. Phishing attempts can be far more sophisticated than the classic “Nigerian prince” email. Some types of phishing work very hard to make emails really seem like they come from trusted institutions like a bank, a government agency, or a nonprofit, right down to faking logos and staff information. Part of the forgery also includes a spoofed email address to make it look like the email really did come from the institution in question.

In other cases, spoofing is sometimes used to automatically create fake email address for each message as a way to get around spam filters. More benign versions of spoofing can also help users keep their privacy, which is why services offer the ability to create disposable email addresses.

What is an example of email spoofing?

For an average online user, a spoofing attack may look like an email from a large national bank, like Wells Fargo or U.S. Bank. It will have its logo in the email, often at the top to make it look authentic, and will be from an email address associated with that bank, like wellsfargoemail.com. The email will begin with an urgent header like “Account Fraud Warning” or “Overdraw Limit Exceeded” and then will ask the recipient to take immediate action. That action could include sending over valuable account information, even account numbers, selecting a link that leads to a malicious website, or downloading a file that contains malware.

There are many other examples of how spoofing can work this way. Some may imitate credit bureaus and warn about credit score problems. Others can be even simpler — this example from Microsoft Outlook warns of an expired password.

Outlook Phishing email example.
Image used with permission by copyright holder

On the business side, spoofed emails may go to great lengths to appear that they are from legitimate parties requesting a wire transfer or a change in payment information that could lead to the theft of millions of dollars.

Is email spoofing legally a cybercrime?

Creating disposable email addresses to, say, sign up for a free trial is technically a form of spoofing. However, the law gets involved when spoofing actively tries to impersonate another sender, especially when the goal is to steal valuable information or money. In these cases, the FBI asks people to report spoofing and phishing attempts.

Contoso Phishing email example.
Image used with permission by copyright holder

Can someone spoof my email address?

People who spoof emails can set the apparent email address to be anything they want. That means that scammers who have your email address can use it in a spoofed email. Some scammers or spammers get lists of real emails from data theft caches online and use them for this purpose. However, since most scammers want to appear legitimate when creating phishing emails, it’s less likely that they will use the email address of an average online user.

If your email is spoofed, you may know by all the bounced back “can’t deliver” emails that are a result of spamming bots. It’s not easy to stop these, except to filter them out and wait for the spamming attempt to stop.

And, of course, keeping your email as private as possible can help decrease your risk, which ironically means making use of disposable email addresses.

How can I spot a spoofed email?

It can be difficult, but the best way is to always follow up and ask for more information without clicking on anything in the email or sending back a message. Find contact information for the organization in question directly from their website, and call them directly or send a question to support to see if the request is real.

Check both the sender’s name and the full email address in the received section of the email, too. Often, spoofing attempts don’t extend to additional sections of the email, and the received notation in an email is an easy way to check.

Always be wary of any email asking for money in any form. Institutions don’t use email as a method of sending invoices or asking for wire transfers, etc. If an email looks authentic, always take the time to call the organization and find a contact there to check if it’s legitimate.

Can I stop spoofed emails?

Not easily. However, many email clients do have built-in ways to spot and remove spoofed emails. Use an updated email app to help cut down on spoofing spam as much as possible. Don’t create filters for spoofed addresses, as you may want to receive emails from the authentic sender at some point.

Tyler Lacoma
If it can be streamed, voice-activated, made better with an app, or beaten by mashing buttons, Tyler's into it. When he's not…
Intel may bring back older desktop CPUs because DDR5 is getting too expensive
Older Intel Core CPUs from 10th to 14th Gen may get a second life
Intel Core i5-12400F box sitting in front of a gaming PC.

Intel may be preparing an unusual response to the ongoing memory crunch. According to Chinese outlet ITHome, citing ChannelGate, the company’s latest production plan includes restarting production of 13th-gen and 14th-gen Core processors.

The move is expected to increase supply across Intel’s 10th, 12th, 13th, and 14th Gen CPU families, especially in mainland China. For DIY PC builders, the timing is important. DDR5 memory prices have climbed sharply, making newer platforms harder to justify for anyone trying to build an affordable gaming PC.

Read more
Amazon wants to design in-house chips for Kindles, Fire TV, and Echo speakers
Apple did it first. Amazon is doing it now, starting with 40 million chips a year and a partner most people have never heard of.
Amazon Kindle Scribe dark mode featured image.

Apple's decision to design its own chips reshaped the consumer electronics industry. Amazon may be about to make the same call, just about two decades later.

Supply chain analyst Ming-Chi Kuo reports that Amazon is preparing to shift away from externally sourced processors for its consumer electronics lineup, marking what he describes as the company's first major processor procurement change in 20 years. The transition is expected to begin in 2027.

Read more
AI wants to summarize it all. TripAdvisor’s misleading reviews show AI will also ruin your travel plans
Spotless, friendly, and totally wrong. AI summaries are hiding the reviews that actually matter.
Tripadvisor logo on MacBook

Planning a trip is stressful enough without wondering if the glowing hotel summary you just read was written by an AI that skipped the scary parts. As it turns out, that might be exactly what's happening on TripAdvisor.

According to an investigation by consumer group Which?, reported by the Guardian, TripAdvisor's AI-generated review summaries are smoothing over serious guest complaints, and in some cases, downright dangerous ones.

Read more