Email Spoofing

Email Spoofing 101: What is it, and how to STOP it?

Written By Dora
January 28, 2021

How can you recognize email spoofing? What are the most effective ways to realize when somebody is trying to con you through your email account?

Email scams may be nothing new, but thousands of people still fall for them every day. 

It’s easy to let your guard down, and unfortunately, some scammers are really sophisticated and know all of the tricks. 

In this email spoofing guide, we’re arming you with the tools you need to prevent it, as well as going over how to stop email spoofing. 


What is Email Spoofing?

What is Email Spoofing?

Email spoofing is defined as the art of sending disingenuous emails to fool someone. These are usually pretending to be from somebody else. 

Email spoofing is a synonym for phishing emails and spam. All serving the same purpose to mislead the recipient. 

For instance, it could be somebody pretending to be from a billing department saying there is a problem with your payment, and chasing money.

netflix email billing scam
Email spoofing: Netflix Billing. Image by Mailguard

Email spoofing comes in a lot of different forms, and people might even pose as executives from businesses to try and get hold of your personal information. 

It isn’t just bank details that can hurt you. 

People try to get hold of other details in order to steal your identity. This is big business, and your details might be sold on the black market.

But, how can you prevent email spoofing from happening?

If you are thinking of how to prevent email spoofing and are scared of whether or not you have been spoofed in recent times you can sign up for an email spoofing software. The software will tell you if you have been the victim of a breach and if your personal information is available anywhere it shouldn’t be. 

Identity Force mobile interface
Example of an email spoofing software. Image by Identity Force

Who Uses Email Spoofing?

To put it simply, scammers use email spoofing. Some people dedicate their lives to try to catch people out.

Spoofing can range from huge email blasts that try to “play the percentages” and get a few people fooled, to smaller targeted phishing attacks to collect the details of someone specific, or to gain access to information about a certain company. 

Graph showing distribution of organizations affected by phishing attacks by category
Distribution of organizations affected by phishing attacks by category in Q1 2020. Image by Securelist

Criminals sometimes have large operations for email spoofing, and sell people’s details on the black market. This means that they are hard to detect, and the criminal operations can go on for a long time.

What is Email Spoofing Used For?

Ultimately, email spoofing can be used for a few different things. 

When you think of online scams, you might think of protecting your card details. A lot of types of online scams including spoofing can indeed be used to try and get your card details and access your bank account

However, this is not the only risk at all. Email spoofing can pose other problems.

The common uses of email spoofing include:

  • To try and gain access to information about a company you work for. Targeting individual employees or even contractors with spoof emails can be a way to try and gain access to big companies’ data. Some huge data breaches can be traced back to an employee getting tricked by a spoof email.
  • To get instant financial gain. There are still plenty of schemes out there aiming to get cash from you quickly. With some of these relying on causing panic. For instance, posing as debt collectors or pretending to be from a company that you may owe money or have a subscription service with.
  • To collect your details. Your personal information should be protected at all costs to prevent email spoofing. You might not think there is too much issue with others having access to your details, but actually, unscrupulous scammers are happy to use your personal information to steal your identity. This means they might be able to take out lending in your name and use the money for their own needs. This is incredibly dangerous, and the consequences can stay with you for decades, especially if the scammers don’t get caught.

The Consequences of Email Spoofing

Now that you understand what email spoofing is, you might be wondering what can happen if you fall for a scam.

While this article isn’t in place to scare people unnecessarily, it is important to fully understand the consequences of email spoofing and what can happen when email breaches do occur.

Email data breaches come in many forms.
Email data breaches come in many forms.

If you give someone your details inadvertently then you might leave yourself in a real position of peril.


If you get tricked by one of the email spoofing scams that target your bank details with a fake payment platform, then the obvious issue you have to deal with straight away is the fact that you have lost money, and potentially stand to lose more money if the scammers continue to use your information.

PayPal Card Detail spoof
Paypal Card Registration Spoof. Looks legit right? Image by We Live Security

You can approach your bank, and try to perform a chargeback after being scammed, but this is not always successful. 

Chargebacks after scams are not always successful.
Chargebacks after scams are not always successful.

In order to prevent email spoofing, it’s a good idea to use payment platforms like PayPal if you can to avoid this sort of thing. 

More on how to prevent email spoofing scams is coming later in the article.

Sadly, the consequences can go far beyond just losing some money, buying a spoof product, or a service you are never going to receive. Scammers will want to get the maximum they possibly can out of you, and the way to do this is by stealing your data.

Personal information including security information or something as simple as your date of birth and address can be used to steal your identity and take out a lending. Including car loans and credit cards. This type of email spoofing fraud is alarmingly common. 

most common types of identity theft
The US reported over 800K identity theft cases in 2020. Statistics from The Motley Fool by The Federal Trade Commission.


Obviously, you can take legal action against it, but this can take a long time, and it isn’t easy to clear your name

If huge debts are run up in your name and you can’t prove that it wasn’t you there could be financial implications. 

On top of this, your credit score can be impacted. Things might stay on your credit report for up to a decade and this can make it hard to move on with your life. Borrowing money can be virtually impossible until you have proven that you were being scammed.

Email Spoofing can also cause email marketers problems

Scams and frauds through emails are becoming more and more common. Hence, email marketers are becoming less credible. This is especially unfortunate since large pools of companies rely on email marketing. In fact 77 percent of B2B companies use newsletters to amplify their content.

Email spoofs effects on company email marketing
Email spoofs can affect a company’s email marketing campaigns. Image by Marketingland.

If you are an email marketer, you should become more creative and find creative ways to connect with your clients. It is crucial to learn about new marketing techniques in this age and time. 

There are several marketing groups on Facebook that keep you updated with the latest marketing tips and tricks.

Klint Marketing put together a list for you of 50 Best Facebook Marketing Groups

Email spoofing can also affect a company’s reputation. 

Domain spoofing is another synonym for phishing attacks and occurs when an attack is made by using a company domain to impersonate that same company or its employees.

How can companies stop email spoofing from their domains?

Email spoofing software like DMARCIAN are broad email authentication systems that both validate IP addresses and prevent spoofing emails from being sent in the domain name. 

Email spoofing tools can in this way help companies secure domains and stop email spoofing

How to Stop Email Spoofing

Main tips on how to stop email spoofing
Main tips on how to avoid email spoofing

Nobody can protect themselves 100% against email spoofing. Not even Google has figured out how to prevent email spoofing on Gmail completely. 

The process can’t be completely automated, but there are things that you can do to protect yourself. 

Combine this with preventative approaches like checking the email accounts and company credentials and you reduce the chances that anyone will be able to gain access to your details and take advantage.

So how can you stop email spoofing?

Answer is:

Using email spoofing software is a way to ensure that if there are any issues, or your details do end up somewhere they shouldn’t be, the tool ensures that you are quickly alerted and can take action

An email spoofing tool will carry out necessary checks regularly.

Email Spoofing: Learn how Gmail’s spam-fighting technology saves you time.

As we’ve briefly mentioned, a spam filter can be another way to protect yourself from email spoofing. This needs to be paired with checks you perform yourself, but most spam filters on accounts by Google mail, Live, and other big providers, manage to catch a lot of scammy emails and prevent them from even getting in front of you.

Google's spam folder is an example of how to stop email spoofing
Google’s spam folder is an example of how to stop email spoofing. Image from Business Insider by Marissa Perino.

Another great tip to prevent email spoofing from happening to you is to be very selective about who you give your email address to. If it is publicly available in a lot of places then there is nothing to stop scammers from getting their hands on it and trying their luck. 

If you only give your email address to people who you know and trust as well as reputable companies then you should have a little more protection.

Data breaches can still expose your email address and other information, but that doesn’t mean you should just hand out your email address to anyone who wants it. Carefully sharing your email address is how to prevent email spoofing from happening to you.

How to Prevent Email Spoofing

11 Tips for Identifying Fake Websites and Phishing Emails

There are many ways to prevent email spoofing. Though the scammers are becoming better at hiding the fact that they aren’t legitimate there are still some telltale signs you can keep an eye out for. 

Email with explanation of how to do an email spoofing test
Prevent Email spoofing: Are you looking out for these signs? Image by SSL2BUY

These simple email spoofing signs can help you establish whether or not the email is worth responding to.

If you are in any doubt at all, check for these hints, even if it just means searching the email address to see if anyone has had other issues.

Here are some of our top tips to prevent email spoofing:

  • Be on the lookout for anything unprofessional. Spelling errors, or things that aren’t formatted correctly, are a telltale sign in emails that claim to be from professional companies. 
  • Check the email address of the sender. Is it from a legitimate domain? Someone claiming to be from Microsoft Support will have an email account that has an affiliation with Microsoft. Be on the lookout for small alterations in the domain, such as “Mircosoft”, this is a very concerning sign.
  • Ensure you have a good spam filter working on your email account. This is a good way to stop scam emails from working their way to your inbox and take some of the work out of your hands.
  • Beware of subject lines that seem to provoke panic. “FINAL REMINDER” or “Your account has been suspended” are some examples of email subjects you might get from scammers who want you to panic and submit your personal information without properly thinking it through.
  • Look for legitimate contact details in the email. Big companies will be happy to provide you with multiple ways to contact them, rather than sending you to one specific link. Check the footer of the email for a listed phone number or an address. On top of that, cross-reference these details with Google, and the email address that the email is coming from.
  • Contact the company separately. If anything at all arouses your suspicion then there is no harm in finding the company’s contact details through Google or any search engine, and getting in touch this way. That means you know whoever you are talking to is really from the company they claim. You can then check if there is any record of account issues, or even ask them to email you to confirm that your account is in good standing.

Other Types of Spoofing

Distribution of spoof types
Email spoofing is the most common type of spoofing. Image by Propeller

Scams are not restricted to emails.

Many scammers and criminals will try to catch you out in other ways. 

Some will set up fake advertisements on social media, or even quizzes and seemingly innocent competitions that can be a way to try and collect peoples’ data to use for fraudulent purposes.

Spoofing in the form of competition winning
Email spoofing can be in the form of winnings. Image by WikiHow

Before the internet, phone number spoofing was already a popular scam and still works to this day. 

Calls might claim to be from a tech support agency or even from a government agency. Normally, these types of spoofs try to cause panic, so they might even claim that a relative or loved one is in trouble and needs your help.

fraud categories by number of reports
Tech support scams are most frequently reported by ages 60+. Image by the FTC.

A lot of people think they would never fall for spoofs, but in the modern age, it is easier than ever for scammers to appear legitimate. Billions of dollars are lost yearly to identity fraudsters, and though the elderly are often targeted, it can happen to absolutely anyone.

Consumer identity theft and cybercrime statistics from 2019
Statistics from The Insurance Information Institute

One of the best qualities to prevent email spoofing and other types of scams is to ensure that you pay attention to contact information including phone numbers that don’t look legitimate. 

Always ask to see an ID if someone knocks on your door (some criminals have the front to try and scam you at your own front door), and be alert that when someone tries to tell you something is seriously wrong, there could be a scam taking place. 

People are more vulnerable if they fear the worst is happening.

Email Spoofing can happen to anyone

A lot of us are guilty of thinking that email spoofing would never happen to us. 

We carry on assuming that you have to be really gullible to get caught, but this isn’t the case and hopefully, this email spoofing guide has done its part to arm you with tools to protect your personal information.

Scammers are getting better and better at looking like the real deal, and that’s why fraud is still a huge problem for citizens of the United States as well as elsewhere around the globe. 

Taking precautions to prevent email spoofing and understanding how to stop email spoofing at the source is essential.

BIO: David Lukić is an information privacy, security, and compliance consultant at IDstrong.com. The passion to make cyber security accessible and interesting has led David to share all the knowledge he has. 

Related Posts

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

0 Shares
Tweet
Share
Pin
Share