What Is Email Spoofing and How Can You Avoid It?

Email spoofing

Email spoofing happens more often than you may know. Picture this, you get an email from your buddy and there’s a link in the mail. The email address looks real and you can recognize it from your friend so you click on the link without hesitation. What you expect to see is a funny video or something of interest that you both share, but no. what happens instead is that your computer starts acting weird, and you get complaints from people that they are getting strange emails from you.

Table of Content

1 . What Is Email Spoofing?

2. How Does Email Spoofing Work?

3. How to Stop Email Spoofing?

4. Case Studies

If this has happened to you, then you’ve been a victim of email spoofing. But what then is email spoofing? Read on to find out this and more.

What Is Email Spoofing?


Email spoofing is a type of attack in which the attacker uses an email address that looks legit to send you a mail. The email address could look like that from a bank, government agency, family, friend, and even a colleague. This type of social engineering technique is used to achieve any of the following:

  • Send malware
  • Steal the victim’s banking or other personal information
  • Persuade them to send money
  • Stain their reputation
  • Make use of their identities

Even though recipients of spoofed emails can sometimes identify it, it still causes damage to the victim whose name is being dragged to the mud. If it’s an individual, it could be incriminating, and for a company it could lead to anything from loss of trust to fallen stock prices.

How Does Email Spoofing Work?


The first step to making email spoofing work is to get hold of your email address. Hackers can get this easily as a lot of emails are available in the public domain. Unsuspecting internet users share their email addresses as a means of contact on their social media accounts, pass them to people, and also leave them on contact forms when filling. You are not solely responsible for leaks of your emails as newsletters and online organizations which collect your information also play a role in leaking your email address.

Interesting Read : The best free anonymous email accounts

After getting your email, the attacker makes use of it in any of the following ways:

  • They can make use of your other information to gain access to your inbox
  • They can create an email that looks just like yours but with their servers and domain providers
  • They might use a brute force attack to get access to your email account
  • They can infect your computer with malware through your email and spam your contacts too

Some email services have loopholes that are exploited by hackers to send spoofed emails. Thankfully, some good email services have strong protocols for authentication to filter out suspicious emails and those from poorly configured domains.

How to Stop Email Spoofing?


There are several things that you can do to prevent email spoofing. Consider using any of the following actions:

  • Your antivirus is your computer’s first line of defense so you must keep it updated always. This will enable it to fight off malware in their various forms effectively. Also make sure your email app is the most recent version. The importance of doing this is that for every new app version released, a backdoor has likely been fixed. This makes it more difficult for hackers to get to you.
  • Make use of complex passwords as they are more difficult to crack. The stronger the password you use, the less likely that brute force attacks would be used to have access to your account. If you fear that you may forget the complex password you choose, then make use of a password manager. Just as its name implies, it stores your passwords and allows you to have access to them at any time. It’s also wise to change your passwords regularly.
  • Try to avoid signing up for newsletters indiscriminately. They will always ask for your email address and that puts you at risk. Also do not fill out online registration forms on websites that you don’t trust.
  • It’s always advisable to have multiple email addresses. Separating your personal and work email from emails that you use for your social media accounts and online services reduces the chances of information theft from spoofing. Keep personal emails as private as possible and if you do need to provide it, spell it out; (email(at)domain(dot)com.
  • Don’t give out your email, especially your personal or work email to people you don’t trust.
  • Before you use an email service, research to find out that the service provider is secure. Only make use of email service providers that make use of strong authentication or cryptographic protocols.
  • Look at the email address carefully before taking any action on the email. Check out for any forms of spelling mistakes or anything odd at all. Sometimes the difference between a legit address and a malicious email address is just a letter that you may overlook.
  • Each out to the supposed sender of the mail using other means for confirmation.
  • If you are ever in doubt and feel you have downloaded malware, do an immediate virus scan.
  • Do not click on links from email sources you do not trust. Easily identify a spoofed link so you can be more careful.

Interesting Read : How to encrypt Gmail to secure your emails?

Case Studies


This is based on attacks on a small business with less than 5 employees. Complaints were made that their customers were receiving nasty emails using the company’s email address. Investigation to find out the cause and source of the emails revealed a virus on one of the company’s workstations. The purpose of the virus was to steal all the customer’s email addresses is stored in the company’s contacts and then send it to the attacker.

With this list of contacts, the attacker then sends mails using the address of the company, and this act is called spoofing. The recipients recognize the address and because they trust the company, they are likely to do what the email says.

Interesting Read : Most Secure Email providers: Tutanota vs Protonmail – Which One Is Better?

Contents of the email could be a demand for money, or a link to click on. Usually the link takes the victims to a portal from which they can make payment and all this while the victims would be thinking they are dealing with the company.

When you notice attacks like this, contact your email hosting service company. You can demand a Sender Policy Framework which would identify and give permission to the servers that can send emails on behalf of your domain.

This case study made mention of a small business because they are usually the easy victims of attacks. This is because hackers believe they don’t have strong cybersecurity put in place.

6 Companies Lose Lakhs of Rupees to Hackers in A Week Due to Email Spoofing

With the rise in threats of email spoofing after 6 companies fell victim to attackers, the cyber police station at Bandra-Kurla Complex has given their advice to the company’s executives asking that they be careful when they receive emails.

The scammers make use of email addresses very similar to the domain name of their target company. They then send a mail, targeted mostly to the CFO in the name of a top executive requesting money urgently. The difference between the legit domain name and that which the attackers use is mostly just a letter that may go unnoticed.

Interesting Read : How to Keep Your Email Clients Safe

The scams were successful because in most cases, the CFOs didn’t verify the mail as the sender’s ID looked similar and carried the company’s domain.


In trying to stay safe and secure on the internet, you have to also be careful about your actions. Email spoofing plays on your trust and puts you in a situation where you act under pressure without suspecting a thing. The difference in the domain name could be just a letter and your brain may resolve the whole name as what you think it to be, so extra care has to be taken before acting. To be safe, always confirm every email you receive that request for money or personal information from you. Also avoid giving using a personal email address for online service subscriptions and registrations.

Your actions will take you so far when it comes to internet security, but to be sure that your connection is secure, make use of a VPN. VPNs keep you anonymous, encrypt your connections, and allow you to have access to contents that are otherwise blocked for your IP location. A good VPN aims at protecting you from malicious attacks and at Limevpn, we aim for this and more.