What Is Email Spoofing and How Can You Protect Yourself?

Quick Answer

Email spoofing is when someone changes the information in an email header so that it appears that the email is coming from a different person or domain. You can protect yourself by closely reviewing the header information to spot a spoof.

man with glasses and white t-shirt looking at laptop

Spoofing is a general term for when someone with malicious intent disguises their digital identity. With call spoofing, the caller ID might show a familiar name rather than the caller's identity. And criminals can also use email spoofing to trick victims into thinking an email is from a friend, family member, business contact, government agency or trusted brand. It's often the first step in an attempt to steal someone's personal or sensitive information.

What Is Email Spoofing?

Email spoofing is when someone changes what appears in an email's metadata, such as the name or email address of the sender. The reply-to address can even be changed so that you'll unwittingly respond to a different email address if you hit reply.

Spoofing an email doesn't require the perpetrator to take over someone else's email account. Instead, the sender simply changes the information that you see when you receive an email. Email systems historically haven't verified this information, although newer technology and filters can help protect you from some spoofed emails.

Email Spoofing vs. Phishing

Email spoofing and phishing often overlap, but they're not the same:

  • Phishing is when a criminal uses email to convince you to send them money or share personal or sensitive information, such as your Social Security number or the username and password for your online bank account. Attackers might trick you into downloading an attachment that infects your device with malware, direct you to a legitimate-looking website that collects your account username and password, or earn your trust and convince you to send them money or your info
  • Email spoofing is the manipulation of email header data. Phishing attacks often involve spoofing because victims are more likely to trust and respond to an email that looks like it's coming from a trustworthy source. But individuals or organizations also might spoof their email addresses to hide their identity, get past spam filters or make the person or organization they're imitating look bad.

3 Types of Email Spoofing

Although email spoofing always alters email header data, the specific manipulation can depend on the type of spoofing:

  • Change the display name: The sender might change the name that gets displayed, making it look like the email is coming from someone else.
  • Change the name and email address: A more sophisticated spoof might change the name and the domain—the part after the @. This still doesn't involve hacking the official website or sender. Instead, the attacker creates or uses a compromised server that the email gets relayed through.
  • Use visually similar addresses: Attackers can alternatively create websites and email domains that look like the name of a well-known and legitimate organization. For example, they could use a capital "i" instead of a lower-case "L" because the two letters look similar.

A Real Example of a Spoofed Email From My "Dad"

Here's an example from my inbox of a spoofed email with a changed display name. At first, it looked like the email was from my dad, Henry DeNicola. Once I opened the email, however, I noticed a few clear indications that the email was a spoof.

Spoofed email example

The first clue that something was off was that my dad would never send this message. And there's a link to an odd website. But also, you can see there's a mismatch with the sender's name and email address, "Henry Denicola <keira****@*****ys.ie>."

The scammer tried to make this slightly more believable by making it look like this might be a forwarded email. But they still used his name as the display name because they wanted that to grab my attention.

How to Tell if an Email Is Spoofed

You might regularly receive spoofed emails that are filtered into your spam folder, but you want to be aware of some warning signs in case the email slips into your inbox.

  • The name and email don't match: If it's a simple case of spoofing, the name and the email won't match. When scammers impersonate companies, the display name might be something like Customer Support, but the email address won't be the company's official email. Be especially cautious if you're not familiar with the domain—in this case, the ******ys.ie domain in the example above is unusual because it ends in .ie (the domain code for Ireland).
  • You're asked to click on a link: As a general rule of thumb, it's best to not click on links in odd or unexpected emails or text messages. Often, the email will create a sense of urgency or intrigue. Scammers that impersonate companies might tell you that your account is compromised and you need to click on the link to reset your password.
  • The signature is wrong: If the email has a signature, check the name, address, phone number and other information to see if it matches the organization or person's real information.
  • Replies go to a different address: Double-check the email address that's filled in when you click reply to make sure it matches the sender's displayed address.
  • The message sounds off: There isn't a precise way to measure whether something sounds off, and scammers can now use AI to craft more natural-sounding emails. But you might be able to tell if someone is pretending to be your friend or family member, and you can always call, text or email them directly to ask.

There are also general warning signs that an email or request is part of a scam. For example, if you're asked to share your password or Social Security number via email, that's almost certainly a scam. Similarly, scammers might ask you to send them payments using a wire transfer, money order, cryptocurrency or gift cards because it's difficult to reverse those transactions.

How to Protect Yourself From Scammers

If you ever feel pressured or threatened into sharing personal information or sending someone a payment, take a few minutes to review this seven-step checklist for avoiding falling victim to cybercrime and scams. And if you think you responded to a spoofed email or clicked on a link, there are guides for what to do if your device is infected with malware or someone steals your identity.

You can also proactively take steps to see if your information is available online by running a free dark web scan and free privacy scan. An Experian IdentityWorks℠ subscription can also cover you with ongoing credit and identity monitoring, identity theft insurance and access to fraud resolution specialists.