What Is Spoofing?

Spoofing is a type of cybercriminal activity where someone or something forges the sender's information and pretends to be a legitimate source, business, colleague, or other trusted contact for the purpose of gaining access to personal information, acquiring money, spreading malware, or stealing data.

What does email spoofing look like?

The most common type of spoofing is done through email. Similar to phishing scams, spoofing emails can be hard to detect. Typically, a false sense of urgency is conveyed in the way spoofing attacks are written, which often is the reason why end users react to them.

The telltale signs of a spoofing email include:

  • Incorrect grammar
  • Poor spelling
  • Badly written sentences or phrases
  • Incorrect URL: This can be deceptive and look correct--until you hover over it to uncover the actual URL.
  • Misspelled email sender address: The name of the sender or domain--or both--may be misspelled. This can be hard to recognize when viewed quickly and may, for instance, contain the number "1" instead of the letter "I.""

How do I defend against spoofing?

The best defense against email spoofing is a layered approach to your email security that includes a robust defense against phishing, spoofing, business email compromise, and other cyber threats. You will want functionality that lets you find, block, and remediate threats to inbound and outbound email.

Also look for:

  • Best-in-class threat intelligence, so threats are provided in real time and are immediately actionable
  • Multi-factor authentication that protects against credential theft
  • Phishing protection that stops deception threats
  • DMARC authentication and enforcement that protect your brand's reputation
  • Malware protection that can spot risky files in attachments and provide sandboxing
  • End-user training to continually expand and enforce your workforce's knowledge of cybersecurity risks.

Other types of spoofing

Text message spoofing

Text message spoofing, also known as "smishing" (sms text message + phishing), is similar to email spoofing. It occurs when a text message pretends to be from a legitimate source, such as Amazon or your financial institution. The message often contains a malicious link. The intent is to acquire your personal information.


Caller ID spoofing

Caller ID spoofing happens when phone scammers change their phone number and caller ID name to conceal their true identities.


URL spoofing

URL spoofing occurs when hackers create a fake domain and website in order to obtain personal information from victims or infect a user's network with ransomware.


IP address spoofing

IP address spoofing can occur on a network when an IP address is intentionally misrepresented as the source IP address in an IP packet. The purpose is to impersonate another computing system.


DNS spoofing

DNS spoofing is often referred to as a "cache poisoning" attack. A DNS cache poisoning attack locates and then exploits vulnerabilities that exist in the DNS to draw organic traffic away from a legitimate server and toward a fake one.

More about DNS attacks >