What is email spoofing?
Email spoofing is the practice of sending email messages with a forged sender address, making the email appear to be from someone it is not. Email spoofing is frequently used in phishing email, spear-phishing, and business email compromise scams to make recipients believe that the email is from a trusted source. Email spoofing may also be used by spammers to avoid spam email blacklists by sending messages under someone else’s sender address.
Protect your organization from email spoofing
Email spoofing is a highly damaging and increasingly frequent form of cyber fraud. In a spoofing email attack, a cybercriminal sends an email with a "From:" address that appears to be from a source the recipient trusts: a colleague, a friend, an executive or a well-known vendor company. The email will typically ask the recipient to perform an action that eventually gives attackers access to networks, systems or financial accounts. Email spoofing is usually used in phishing and spear-phishing attacks, and in an impersonation attack where an email may seem to be from a CEO or CFO who is asking the recipient to wire money to an account that turns out to be fraudulent.
Defending against email spoofing requires a multi-layered approach to security. Users, often the weakest link, must be empowered with knowledge and best practices that can help them know how to spot phishing and email spoofing attacks. But because it's impossible for users to identify every email spoofing attempt every time, organizations need state-of-the-art defenses that can automatically recognize and warn users about suspicious email.
Mimecast solutions to stop email spoofing
For organizations seeking a solution to prevent email spoofing, Mimecast offers Targeted Threat Protection as part of an all-in-one subscription service for email security, continuity and archiving.
As a cloud-based offerings, Mimecast solutions can be implemented quickly and easily without capital expense. And by automating security and providing administrators with easy-to-use tools for setting and enforcing email security policies, Mimecast reduces the complexity and cost of protecting against email spoofing and other attacks.
How Mimecast prevents email spoofing attacks
To thwart email spoofing attempts, Mimecast provides a suite of security technologies that include:
- URL Protect. Mimecast technology protects users from malicious URLs by scanning every destination website in real-time to identify sites which may be suspicious based on up-to-the-minute threat intelligence.
- Attachment Protect. Mimecast scans every attachment, searching for malicious code. Suspicious files can be sandboxed or rewritten to a format that enables users to safely access it.
- Impersonation Protect. Mimecast performs a deep scan on all inbound emails to search for header anomalies, domain similarity and specific keywords that may be signs of spoofing. Mimecast also provides DNS authentication using services like SPF, DKIM and DMARC to spot potentially fraudulent email.
When Mimecast identifies an email spoofing attempt, administrators have control over whether messages should be discarded, quarantined or sent on to users with a warning that the email may be suspicious.
Learn more about email spoofing solutions from Mimecast, and how Mimecast uses DMARC email security to spot suspicious email.
FAQs: Email spoofing
How do attackers spoof an email address?
Spoofing an email address is a relatively simple form of cybercrime. Attackers may change the display name and/or the "From" header in the email to pose as a trusted source, or they may create a look-alike domain that is virtually indistinguishable from a legitimate domain.
What does a spoofed email look like?
A spoofed email will appear to be from a legitimate or trusted source, but if you look closely, you may spot anomalies that identify the message as a spoofing attempt. In a spoofed email, the actual email address may be different from the display name. Also, the email address in the header will not match the sender’s email address, and the “Reply to” field in the header will not match the name of the sender.
How to stop email spoofing?
Mitigating the risk posed by email spoofing requires a multi-layered approach to security. Security awareness training can help users to more easily spot and avoid email spoofing attempts. Email filters that use DNS authentication services like SPF, DKIM and DMARC can help to lock potentially fraudulent email. And should spoofed email get past your authentication services, technology that blocks users from clicking on malicious links or opening malicious attachments can help to prevent an attack via email spoofing.
How to stop spoofing emails from my email address?
If your email address is being used by spammers or cyber criminals to initiate attacks, it’s possible that your email account has been compromised and that attackers are sending messages using your credentials. Changing your login information and using a strong password can help to stop this. It’s also possible that your account is safe and that attackers are simply using your email address as the “From:” address in the email they send. In this case, there’s little you can do except to report the incident to your Internet service provider.
How to stop email spoofing in Office 365?
Microsoft Office 365 Advanced Threat Protection (ATP) offers certain anti-spoofing features that help protect from external domain spoofing, but to provide your organization with superior protection requires a multilayered approach to email security. Security awareness training can help your Office 365 users spot and avoid email spoofing attempts. Third-party providers of email filtering software can help block more email spoofing attacks. Finally, when spoofed emails manage to elude other defenses, technology to block users from clicking on malicious links or opening weaponized attachments can prevent spoofed emails from doing damage.
What are examples of email spoofing?
Email spoofing is a common tactic used by cybercriminals to deceive recipients, and it can take various forms. Some examples of email spoofing include –
- CEO Fraud – In this type of spoofing, the attacker poses as a high-ranking executive, typically the CEO or CFO, to trick employees into performing actions like transferring funds or sharing sensitive information.
- Phishing Emails – Spoofed emails are often used as part of phishing attacks, where the attacker seeks to obtain sensitive information, such as login credentials or financial details, by posing as a trustworthy entity.
- Business Email Compromise (BEC) – This involves spoofing emails to compromise business transactions, gain unauthorized access to sensitive data, or initiate fraudulent financial transactions.
- Look-Alike Domains – Cybercriminals create domains that closely resemble legitimate ones, tricking recipients into thinking they are interacting with a trustworthy entity.
What are common traits found in a spoofed email?
Common characteristic of spoofed emails include –
- Mismatched Email Addresses – The email address in the header may not match the sender’s actual email address, indicating a potential spoofing attempt.
- Unexpected Attachments or Links – Spoofed emails often contain attachments or links that, when interacted with, can lead to malware installation or phishing websites.
- Urgent or Unusual Requests – Cybercriminals often create a sense of urgency or use unusual requests to manipulate recipients into taking immediate action, such as clicking on a link or providing sensitive information.
- Unusual Language or Tone – Spoofed emails may exhibit language or a tone that deviates from the sender's typical communication style, raising suspicion.
- Generic Greetings – Legitimate emails from known contacts usually include personalized greetings. Spoofed emails may use generic greetings or lack personalization.
What is the difference between email spoofing and phishing?
Email spoofing targets the email’s origin, creating a false sense of trust, while phishing involves a broader range of tactics aimed at obtaining sensitive information through manipulation and deceit.
