Email Security Blog

What is Email Spoofing?

Nikki Tyson November 17, 2015 Resources
Fallback Featured Image

Email spoofing is one of the most common forms of cybercriminal activity. It underpins the mechanism required to conduct hacking activities such as phishing and spear phishing. Unfortunately, most email users will have received an email that’s been spoofed – whether they know it or not.

Just as forgery was a key method used by traditional criminals as the gateway key to more complex crimes, e-mail spoofing is the forgery of an e-mail sender address, so that the message appears to have come from someone other than the actual source. Spammers will use spoof emails in order to try to get recipients to open, reply to or even take action in response to their solicitations. Spoofing anyone other than yourself is illegal in many jurisdictions.

At its core, email does not have any mechanisms for authentication, so for cyber criminals everywhere, spoofing is all too easy to do.

What does email spoofing look like in your inbox?

At the Gartner Security & Risk Management Summit earlier this year, we had the majority of attendees telling us that they were seeing an abundance of CEO and CFO spoof emails at their companies. The most common variants were spoofed emails that seemingly came from the CEO, being sent to the CFO, instructing the CFO to wire money related to some kind of super-secret operation, over to an unfamiliar account. Controllers at these companies were also receiving similar spoofed emails purporting to come from their CFOs.

Research indicates that spammers spoof industries in swarms – they move from one sector to the next with little predictability.

Clearly, it is imperative that companies need to update their email security strategies and look at how they can proactively solve the problem before they are spoofed or become victims of a spoofed email.

Leave a Reply

Your email will not be published. All fields are required.

Agari Blog Image

June 30, 2017 Todd Weltz

Why are my Google Calendar Invites Blocked by DMARC?

Are you sending Google Calendar invites and not getting replies, or maybe your invitees tell…

Agari Blog Image

January 6, 2016 Agari

Security Infographic: 7 Ways to Protect Customers

To learn more about how email cyber attacks are impacting businesses – both financially and…

Agari Blog Image

December 15, 2015 Agari

Don’t Let Your Customers Be Fooled By Cousin Domains

In the last five years, we’ve all become far too familiar with it – hackers…

Agari Blog Image

November 10, 2015 Agari

Exploring Phishing Statistics

  At Agari, we are vocal about the steps organizations can take to protect their…

Agari Blog Image

November 3, 2015 Nikki Tyson

What is a Spear Phishing Attack?

While “phishing” has entered the vocabulary of most email users, the concept of a spear…

mobile image