Email spoofing: Definition and how spoofing works

A friend tells you they’ve received a strange email from your address, but there’s no sign of suspicious emails in your sent mail folder. Your caller ID shows a number you recognize, but there’s a strange voice on the other end of the line. Both of these are examples of spoofing, or communications under a faked name.

The different meanings of spoofing

Along with email phishing, spoofing is a form of fraud that has become increasingly widespread in recent years. In online communications, hackers use spoofing to gain access to networks, devices, or personal data. Generally speaking, spoofing means a person falsifying data so that they appear to be someone else. Today we'll focus on email spoofing, but spoofing is a broad term that can encompass many different sorts of scams, including:

Call spoofing

As in our first example, caller ID spoofing is when you receive a call from a phone number that seems trustworthy – often it’s the same number as the police or another government agency. The scammers’ goal is to try to get their victims to wire them money or reveal personal data for the purpose of accessing bank accounts or even identity theft.

IP spoofing

Also known as IP address spoofing, this sort of fraud operates on a machine-to-machine level. When data is sent over the internet network, the transmission protocol specifies that each information packet must have a header containing the IP address of the sender. In IP spoofing, the sender address is falsified so that it appears that the packet came from a trusted IP address. This form of spoofing can therefore be used to overcome network security measures.

SMS spoofing

This is when a scammer sends a text message to your mobile phone impersonating a trusted person or an organization. The text comes with a falsified sender name, phone number, or both – and like call spoofing, the aim is to defraud the individual who receives it. Unfortunately, nowadays SMS spoofing only requires basic computer skills; user-friendly SMS spoofing tools are widely available on the internet. It is particularly dangerous because it lets scammers’ texts get around our filters for spam texts.

What are spoofing emails?

We’re glad you asked! Today we’ll explain:
 
  1. What email spoofing is
  2. How email address spoofing works
  3. How to identify a spoof email

Email spoofing definition

In email spoofing, like other forms of spoofing, cybercriminals try to scam recipients by faking an identity. They falsify the sender email address, name and/or IP address so the message appears trustworthy. Usually the spoofed email bears the name of a friend, family member, or trusted business.

A spoofed email is often used to spread malware or steal personal data. The fake message may include links, but of course they don’t lead to legitimate web pages. Instead, you are directed to a pharming website designed to trick you into entering sensitive information. Or the email will contain file attachments that seem harmless at first glance. However, if downloaded, the file contains viruses that give the hacker access to all kinds of data on the device.

How does email spoofing work?

As noted, in an email spoofing attack, the sender’s email address looks identical to a genuine, trusted email address. To understand how email spoofing works, it’s important to know that an email consists of several parts: the body of the email as well as the header, which includes the sender’s name and email address, and the “envelope”, which tells the receiving server who the email sender and recipient are. You can see the email body and header, but you don’t usually see the envelope.

Unfortunately, it is fairly easy for hackers to fake the sender information in an email envelope and header, and outgoing email servers cannot verify whether the sender information is real. Furthermore, the Simple Mail Transfer Protocol (SMTP) used to transmit emails over the internet is not set up to check whether each message comes from where it says it does. Instead, domain owners and email service providers have to utilize authentication processes such as DMARC (Domain-based Message Authentication, Reporting, and Conformance), SPF (Sender Policy Framework), and DKIM (DomainKeys Identified Mail) to verify an email’s sender information. If these authentication processes are not in place, emails from falsified senders can bypass spam filters and land right in the recipient’s inbox.

How can I identify a spoof email?

Believe it or not, the information you receive in an email header can clue you in to whether its sender address is legitimate. What’s important is not just the header you see at the top of the email message listing the sender, subject and date, but what’s known as the “extended header” or “full header”. For example, when logged into your mail.com account in a web browser, you can click on the lowercase i that appears in the upper right corner of the message (next to the date) to view the extended email header. Information about whether the email has been authenticated by SPF, DMARC, and/or DKIM will appear under the “Authentication-Results”. You can also look under “Received” to see if the email server that originally handled the email matches the displayed “Sender”. For example, if you see “Sender: Service@BankofAmerica.com” but “Received: from (23.364.454.44) spammer.mcspam.com”, you are dealing with a spoofed email.
Screenshot: extended email header in the mail.com inbox. Real or spoof? Real! The extended header shows this email originated from the purported sender and passed DKIM authentication.
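
Added example (not part of the original article and not mail.com's code): a Python sketch of the header checks described above, run on a constructed message. It compares the visible From domain with the envelope sender recorded in Return-Path and with the host in the earliest Received line, and reads the SPF/DKIM/DMARC verdicts from Authentication-Results; all hosts, addresses and function names are made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message); every host and address is made up.
RAW_SPOOFED = """\
Return-Path: <bounce@spammer.example>
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=spammer.example;
 dkim=none; dmarc=fail header.from=bank.example
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
 by inbox.recipient.example; Mon, 01 Jan 2024 10:00:05 +0000
Received: from spammer.example (spammer.example [203.0.113.44])
 by mx.recipient.example; Mon, 01 Jan 2024 10:00:00 +0000
From: "Bank Service" <service@bank.example>
Subject: Please verify your account

Message body.
"""

def domain_of(address):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(address)[1].rpartition("@")[2].lower()

def auth_verdicts(msg):
    """SPF/DKIM/DMARC results; trust only headers stamped by your own provider."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def origin_host(msg):
    """Host named in the earliest Received header (the last one listed)."""
    received = msg.get_all("Received", [])
    match = re.match(r"\s*from\s+(\S+)", received[-1]) if received else None
    return match.group(1).lower() if match else None

def analyze(raw):
    """Collect spoofing signals from the headers of one raw message."""
    msg = message_from_string(raw)
    from_dom, env_dom = domain_of(msg.get("From", "")), domain_of(msg.get("Return-Path", ""))
    verdicts, origin, findings = auth_verdicts(msg), origin_host(msg), []
    for method in ("spf", "dkim", "dmarc"):
        if verdicts.get(method) != "pass":
            findings.append(f"{method}={verdicts.get(method, 'missing')}")
    if env_dom and env_dom != from_dom:
        findings.append(f"envelope domain {env_dom} != From domain {from_dom}")
    if origin and origin != from_dom and not origin.endswith("." + from_dom):
        findings.append(f"origin host {origin} is outside {from_dom}")
    return {"from": from_dom, "envelope": env_dom, "origin": origin, "findings": findings}
```

A mismatch in the envelope or Received host is a signal rather than proof, since legitimate newsletters are often sent through third-party servers; the DMARC verdict stamped by your own provider carries the most weight.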

How else can I protect myself against email address spoofing?

As a secure email provider, mail.com protects you against spoofing with DMARC and our cutting-edge spam filters. Nevertheless, it is important to be vigilant and watch for signs of scams. Look for signs of spam and scams such as misspelled sender addresses and subject lines or strangely worded messages. When in doubt, do not click on any links in emails or open any attachments in suspicious emails. Never allow yourself to be pressured into entering personal data or sending it by email. Protect your device from malware by installing a reputable antivirus program and scanning regularly for viruses.


Images: 1&1/GettyImages
