Email Security

    Spoofing: What It Is and How to Prevent It

    In spoofing, attackers present themselves as a trusted source in order to steal data, plant malware, or commit fraud. Learn how it works so you can stop spoofers in their tracks.


    Key Points

    • Email spoofing uses email addresses and content that appear to come from a trusted source.
    • Website spoofing uses domain names, logos, and colors that imitate real sites.
    • Once victims are hooked, spoofing employs social engineering to convince them to divulge sensitive information or transfer funds.
    • Cybersecurity training and automated email authentication are key to preventing spoofing attacks.


    Spoofing Definition and How It Works

    For centuries — whether in folklore or real life — fraudsters have pretended to be someone else to gain access to things they cannot or should not have. In the information age, spoofing attacks have emerged as a way to trick people into opening malicious emails or visiting fake websites and handing over data or money to a cleverly disguised stranger.

    Spoofing is that disguise. It’s a common phishing technique using an email or web address that looks familiar so the attacker can appear to be a person or brand that an individual trusts. Once the trap is set, the attacker uses plausible pretexts, branding elements and other social engineering tricks to coax the individual to click on a link or attachment in an email, provide sensitive information, download software, or send money.[1]

    Types of Spoofing

    There are many techniques used for spoofing. Attackers can create false caller ID information, IP addresses, MAC addresses, domain names, geolocations, or HTTP referral headers. Most recently, a new type of attack has emerged: image spoofing, which tricks facial recognition software systems into granting access.[2]

    That said, two of the most common spoofing types are email spoofing and website spoofing. A combination of training and technology can help companies detect and prevent these attacks.

    Email Spoofing Phishes Remote Workers

    Email spoofing incidents have been on the rise during the pandemic since companies shifted to remote work. Attackers have been taking advantage of insecure home Wi-Fi connections, which block fewer suspicious emails than companies’ security systems do. And employees who may be distracted by family members may be more likely to open illegitimate emails.

    Email spoofing involves sending email with a forged sender address, which makes it look like it’s coming from a trusted source such as a colleague, executive, or well-known vendor. It is commonly used in phishing email, spear phishing, and brand impersonation attacks that try to trick an individual into giving attackers access to networks, data, or financial resources. 

    According to Mimecast’s State of Email Security 2022 (SOES) report, one-third of companies are unprepared or only somewhat prepared to deal with email spoofing attacks. Not surprisingly, sectors such as technology and professional services are most likely to describe themselves as prepared, while retail, transportation, and manufacturing companies are least prepared. 

    Website Spoofing Erodes Brand Value

    Website spoofing, on the other hand, involves creating a website that mimics a trusted brand in design, layout, colors, and logos, under a nearly identical domain name. Once a fake website is up, attackers send phishing emails to convince a brand’s customers, partners, and employees to visit the site and share sensitive information such as credit card numbers or Social Security numbers — for example, under the ruse that this information is necessary to restore access to an account.

    Because website spoofing occurs outside of a company’s security perimeter, it is often difficult for security teams to know when their own brand is being impersonated somewhere on the web. Anti-website spoofing services scan the entire web to help find and take down cloned websites, so they can no longer damage the company’s brand or steal from duped visitors to the site.

    The SOES report indicates that companies had identified, on average, 10 different instances of website clones within the past year. Companies in the energy, healthcare, and financial services sectors are the most likely to be targeted. Sectors’ relative preparedness to address website spoofing differs slightly from email spoofing. Here, the construction and property management sector joins technology among the industries that feel most prepared, while retail, energy, and healthcare companies describe themselves as the least prepared.

    How Spoofing Uses Social Engineering

    Email and web spoofing attacks use social engineering, which is a way of luring individuals into divulging sensitive information. Social engineering attacks take advantage of human psychology to gain people’s trust. 

    Once the attackers perform their technical sleight of hand with email and web domain names, there are two social engineering elements to a spoofing attack: The pretext and the action.[3]

    • Pretext: This is the lie that a scammer is hoping an individual may act on. It could be an urgent request from a corporate executive, a limited-time offer for a valuable product or service, or a notice that access to an account has been suspended.
    • Action: The action is the step that an individual must take, whether it’s clicking on a link, entering personal or financial information into a form, or initiating a financial transfer. 

    Plausibility is key to spoofing attacks. If a request is not specific or relevant, or if it seems hard to believe, then the recipient is likely to realize it’s fake. Similarly, the action needs to be something an individual is capable of taking, given their day-to-day job responsibilities. A request that’s outrageous or seemingly impossible will be ignored.

    How to Detect Spoofing

    Organizations can use email security technology that detects attacks that use domain similarity to impersonate executives as well as trusted and well-known partners and brands. Organizations should seek out a service that scans all inbound emails in real time, looking for the traits of malware-less, social engineering-based impersonation campaigns. A well-suited solution can identify header anomalies, domain similarity, recently registered domains, sender spoofing, suspect body content, and international character sets that are often part of impersonation attempts.
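The header-level traits listed above (sender mismatches between From, Reply-To and Return-Path, look-alike domains, and internationalized domain names) can be checked with simple heuristics. The following Python script is an added example, not code from the article or from Mimecast; the trusted-domain list and the two messages are constructed for illustration, and a production filter would add reputation and domain-age lookups that need network access.

```python
"""Heuristic checks over inbound email headers for common impersonation traits."""
import email
from difflib import SequenceMatcher
from email.utils import parseaddr
from typing import List, Optional

# Hypothetical allow-list of domains this organization trusts (constructed for the example).
TRUSTED_DOMAINS = {"example.com", "vendor-example.net"}

# Constructed sample: display-name spoofing plus a look-alike sender domain ("1" for "l").
SUSPECT_MESSAGE = """\
From: "jane.doe@example.com" <jane.doe@examp1e.com>
Reply-To: payments@mail-examp1e.ru
Return-Path: <bounce@mail-examp1e.ru>
To: accounts@example.com
Subject: Urgent wire transfer before close of business

Please process the attached invoice today.
"""

# Constructed sample: a legitimate internal message with consistent headers.
LEGIT_MESSAGE = """\
From: "Jane Doe" <jane.doe@example.com>
Return-Path: <jane.doe@example.com>
To: accounts@example.com
Subject: Q3 budget review

Slides attached for Thursday.
"""


def domain_of(header_value: Optional[str]) -> str:
    """Return the lower-cased domain of an address header, or '' when the header is absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def normalize(domain: str) -> str:
    """Fold common look-alike substitutions so 'examp1e.com' compares equal to 'example.com'."""
    folded = domain.lower().replace("rn", "m").replace("vv", "w")
    return folded.translate(str.maketrans("01357", "olest"))


def lookalike_of(domain: str) -> Optional[str]:
    """Return the trusted domain that `domain` imitates, or None if it is trusted or unrelated."""
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in sorted(TRUSTED_DOMAINS):
        if normalize(domain) == normalize(trusted):
            return trusted
        # Near-identical spellings (one character added, dropped or swapped) also count.
        if SequenceMatcher(None, domain, trusted).ratio() >= 0.85:
            return trusted
    return None


def is_international(domain: str) -> bool:
    """True for punycode (IDN) labels or raw non-ASCII characters in the domain."""
    return any(label.startswith("xn--") for label in domain.split(".")) or not domain.isascii()


def analyze_message(raw: str) -> List[str]:
    """Return a list of finding tags for a raw RFC 5322 message (empty list = nothing suspicious)."""
    msg = email.message_from_string(raw)
    findings: List[str] = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    reply_domain = domain_of(msg.get("Reply-To"))
    return_domain = domain_of(msg.get("Return-Path"))

    # Display-name spoofing: the visible name carries an address whose domain differs from the real one.
    if "@" in from_name and from_name.rpartition("@")[2].strip('"<> ').lower() != from_domain:
        findings.append("display-name-address-mismatch")
    # Header anomalies: replies or bounces routed to a different domain than the apparent sender.
    if reply_domain and reply_domain != from_domain:
        findings.append("reply-to-mismatch")
    if return_domain and return_domain != from_domain:
        findings.append("return-path-mismatch")
    imitated = lookalike_of(from_domain)
    if imitated:
        findings.append(f"lookalike-domain:{from_domain}~{imitated}")
    if is_international(from_domain):
        findings.append("international-domain")
    return findings


if __name__ == "__main__":
    for label, raw in (("suspect", SUSPECT_MESSAGE), ("legit", LEGIT_MESSAGE)):
        print(label, analyze_message(raw) or "no findings")
```

Each finding is a tag rather than a verdict: a real gateway would score them (a Reply-To mismatch alone is common in legitimate bulk mail, while a look-alike domain plus a financial request is a strong signal) and quarantine or annotate the message accordingly.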

    How to Prevent Spoofing

    The SOES research indicated that a lack of resources, technology, and knowledge tend to stand in the way of addressing email and website spoofing attacks. Companies can take steps, including the following, to address their challenges and prevent attacks:

    • Regular cyber awareness training helps employees detect — or at least be wary of — spoofing attempts. The most effective training programs are short, engaging, and customized to an individual’s role, risk factors, and past behaviors, such as clicking on infected email attachments. In addition, training must be regularly updated to keep pace with the latest cyber exploits. 
    • Adopting the Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol enables companies to automatically block incoming emails from spoofed domains and report any abuses to the brand that is being impersonated. Taking an automated approach to brand protection enables companies to conduct far more scans for spoofed websites and phishing emails. Artificial intelligence helps fight spoofing by analyzing hundreds of millions of registered domain names, so that confirmed spoofed sites can be taken down before they cause damage.
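To show what "automatically block incoming emails from spoofed domains" means on the receiving side, here is an added Python example (not code from the article or from Mimecast) that evaluates a DMARC record the way a receiving mail server does: it checks whether the SPF- or DKIM-authenticated domain aligns with the From domain and, if neither aligns, applies the published policy. The two DNS records and the example domain are constructed; the organizational-domain logic is simplified to the last two labels (real implementations consult the Public Suffix List).

```python
"""Receiver-side DMARC evaluation (RFC 7489 semantics, simplified for illustration)."""
from typing import Dict, Optional

# Constructed TXT records for a hypothetical domain: the weak, monitor-only setting
# that many domains start with, beside the enforcing setting that actually blocks spoofing.
MONITOR_ONLY_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"
ENFORCING_RECORD = (
    "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; rua=mailto:dmarc-reports@example.com"
)


def parse_dmarc_record(txt: str) -> Dict[str, str]:
    """Split a DMARC TXT record into its tag=value pairs (keys lower-cased)."""
    tags: Dict[str, str] = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def org_domain(domain: str) -> str:
    """Organizational domain, simplified to the last two labels (assumption; PSL in practice)."""
    return ".".join(domain.lower().split(".")[-2:])


def is_aligned(identifier_domain: str, from_domain: str, mode: str) -> bool:
    """Strict ('s') alignment needs an exact match; relaxed ('r') accepts the same org domain."""
    if mode == "s":
        return identifier_domain.lower() == from_domain.lower()
    return org_domain(identifier_domain) == org_domain(from_domain)


def dmarc_disposition(
    record: str,
    from_domain: str,
    spf_domain: Optional[str],
    spf_pass: bool,
    dkim_domain: Optional[str],
    dkim_pass: bool,
) -> str:
    """Return 'pass', the policy to apply ('none', 'quarantine', 'reject'), or 'no-policy'.

    spf_domain is the envelope (MAIL FROM) domain SPF was checked against;
    dkim_domain is the d= value of a DKIM signature that verified.
    """
    tags = parse_dmarc_record(record)
    if tags.get("v", "").upper() != "DMARC1":
        return "no-policy"  # no usable record: DMARC does not apply to this message
    spf_aligned = bool(
        spf_pass and spf_domain and is_aligned(spf_domain, from_domain, tags.get("aspf", "r"))
    )
    dkim_aligned = bool(
        dkim_pass and dkim_domain and is_aligned(dkim_domain, from_domain, tags.get("adkim", "r"))
    )
    if spf_aligned or dkim_aligned:
        return "pass"
    policy = tags.get("p", "none")
    # Mail from a subdomain of the organizational domain uses the sp= tag when present.
    if from_domain.lower() != org_domain(from_domain):
        policy = tags.get("sp", policy)
    return policy


if __name__ == "__main__":
    # A forged From: example.com message sent from the attacker's own infrastructure: SPF passes
    # for the attacker's envelope domain, but that domain does not align with example.com.
    for name, record in (("monitor-only", MONITOR_ONLY_RECORD), ("enforcing", ENFORCING_RECORD)):
        verdict = dmarc_disposition(record, "example.com", "mail-examp1e.ru", True, None, False)
        print(f"{name}: forged message -> {verdict}")
    # The domain owner's own mail, DKIM-signed with d=example.com, passes under either record.
    print("legit:", dmarc_disposition(ENFORCING_RECORD, "example.com", "example.com", True, "example.com", True))
```

Two points the run makes visible: a `p=none` record reports spoofing but does not stop it, so moving to `p=quarantine` or `p=reject` is the step that blocks forged mail; and strict alignment (`aspf=s`, `adkim=s`) also rejects the domain owner's own mail sent from subdomains unless those subdomains sign or are covered, which is why rollouts are staged using the aggregate reports. DMARC protects only the exact domain it is published for; a look-alike registration such as the `examp1e.com` used above has its own DNS and can pass its own DMARC, which is what the domain-similarity detection described earlier is for.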

    The Bottom Line

    Email spoofing and website spoofing are sophisticated social engineering attacks that cloak legitimate domain names to lure unsuspecting readers and visitors. Once the victim is hooked, the attacks use social engineering to imitate individuals and brands that people trust to get them to disclose sensitive information or send money. Detecting and preventing spoofing attacks require resources, technology, and cybersecurity knowledge — all of which are in short supply in many of today’s companies. Read more about how Mimecast’s security awareness training and brand protection solutions enable companies to better protect against scams that prey on their employees and on the trust in their brand.


    [1] “Spoofing and Phishing,” FBI

    [2] “What Is Image Spoofing and How to Prevent It?”, Security Boulevard

    [3] “What Is Spoofing?”, CompTIA
