
August 29, 2019

Everything You Need to Know About Email Spoofing

Most email services have excellent spam filters. Even if a few spam emails slip through the cracks, we’ve gotten pretty good at recognizing them. If the subject line says “CLICK THIS LINK TO CLAIM YOUR LOTTERY WINNINGS,” chances are, you would delete it immediately because you know it’s fake. But what if you get an email allegedly from your bank telling you there’s a problem with your account? Even though it looks real, it could be an example of spoofing. Spoofing is a trick designed to convince you to send sensitive information to those who would misuse it. To avoid falling into that trap, here’s everything you need to know about email spoofing and protecting yourself against it:

  • What is spoofing?
  • Why do people do it?
  • How is email spoofing done?
  • How do I protect myself against it?

What is Spoofing?

Spoofing happens when internet users forge the header/originating address of emails. This makes it look like that message originated from a different source. The emails may look like they’ve come from a legitimate business such as a popular online store, or a banking institution. They may also look like they come from people you know personally like friends or coworkers. By allegedly originating from a trustworthy source, these messages have a higher likelihood of being opened than other spam emails.

Why do People do it?

There are a few reasons people use email spoofing, but they normally boil down to two purposes: phishing, and spam. Phishing is when someone online is trying to obtain sensitive information from you. Phishing emails are most likely to ask you to input some sort of data within the email itself. For example, a phishing message that appears to be from your bank may request that you sign in to your account to address a problem, right from the email itself (or through a link provided in the email). If you do, the person on the other side of the message might see your username and password. They can then access your account in future.

Another possible phishing message can appear to be from your boss or a coworker asking for system access credentials. If you respond with the information, then the security of your company (and your job, for that matter) becomes compromised.

The other main reason for email spoofing is spam. Because these messages look more trustworthy when compared to other types of spam, they’re more likely to be clicked. If you’re lucky, the inside of the email will just be apparent spam that you will recognize and delete. However, many of these emails contain links that, if clicked, can download malware onto your device.

Spoofing may also be used for committing identity theft or tarnishing the reputation of an email user. However, these reasons are less common.

How is Email Spoofing Done?

While we all like to think that criminal geniuses run spoof attacks, the truth of the matter is that it’s actually very easy to do. All a person needs is a Simple Mail Transfer Protocol server and an email service such as Gmail or Outlook. With these two pieces of tech, the user can edit different fields within the email such as the header and originating address. Although many email systems have developed tools for detecting and filtering spoofed messages, these methods still need improvement and have been adopted very slowly.

How do I Protect Myself Against Spoofing?

Because some spoofed messages are extremely sophisticated, many people have difficulty picking them out from real ones. However, there are some best practices you can implement with every email you open to stay protected in every eventuality.

  • Keep Your Anti-Malware Software Up-to-Date: If you accidentally click a malicious link in a spoofed email, your anti-malware software should be able to detect it and block it (or warn you about the link even before you click it).
  • Don’t Share Sensitive Info: Even if you trust an email 100 percent, you should never share sensitive information through emailed messages. Once you’ve sent the message, its security and privacy are out of your hands and anything can happen to it. Whether you suspect spoofing or not, implement a policy of never sending personal data, like financial information, through email.
  • Use Strong Spam Filters: Many email services allow you to set the strength of your spam filters. Use the strongest possible settings to protect yourself from spoofed emails.
  • If You’re Not Sure, Don’t Click: If you don’t have full confidence in an email link or download, just don’t click it until you’re positive it’s safe. For an email from your bank, call the bank and ask about the validity of the message (but don’t use any phone number found within the email itself in case it’s fraudulent). If a coworker has sent you an email, you can also check with them that they were the one to send it before you open any links or start any downloads.
  • Check That Links Are Secure: If you do trust a link enough to open it, check its level of security once it is open. If the URL starts with HTTP instead of HTTPS, it isn’t secure and you should never input any personal information into that website.
  • Look at the Email Address, Not Just the Display Name: Most email servers allow you to choose or change which name you want to appear alongside your message. However, you should always compare the display name to the actual address. If the display has the name of your great aunt but the address says “customerservice@madeupcompany.com” then you’re probably being spoofed.
  • Examine the Email’s Content: While some spoofed messages can appear indistinguishable from a legit one, there are a few signs to watch out for that can tell you if a message is real or not. If the subject line is designed to frighten you or spur you into an action (for example: your account has been suspended), it could be a spoof. Another sign of a fake message is spelling mistakes. One mistake might not be cause for alarm but several are more likely to indicate danger. A third trick to try is to hover over links in the email. If you hover over the link, there should be a little pop-up to tell you the URL the link will take you to. If it’s suspicious, you’ll know not to click it. Finally, if the email is too vague or too jargon-y, stay on your guard and verify its authenticity if possible before taking any action with it.
  • Get Technical: While visual signs of spoofing are great to look out for, sometimes those signs just aren’t there. If that’s the case, you can take a technical look at the email. First, examine its header. The email address in the header should match the address you expect it to be from. In the header, you can also take a look at the “received” field. The email address there should match the name of the sender. Finally, take a look at the return path, which should also match the expected address of the sender. You can also conduct a reverse IP address lookup, to see where the sender of the email originates from. If the email should come from Detroit, Michigan but the IP address is somewhere in Nigeria, it’s probably a spoof.
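
The header checks from the “Get Technical” tip, written out as a short Python script. This is an added example, not code from the original post; the sample headers are constructed, and the names check_headers, domain_of and the finding labels are made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not a real message). Domains are reserved example
# names, except the address quoted in the display-name tip above.
SAMPLE = (
    'Return-Path: <bounce@bulk-sender.example>\n'
    'Received: from mx.recipient.example by inbox.recipient.example;\n'
    ' Thu, 29 Aug 2019 10:00:05 -0400\n'
    'Received: from smtp.bulk-sender.example (unknown [203.0.113.25])\n'
    ' by mx.recipient.example; Thu, 29 Aug 2019 10:00:00 -0400\n'
    'From: "Great Aunt Mary" <customerservice@madeupcompany.com>\n'
    'Subject: Your account has been suspended\n'
    '\n'
)

def domain_of(address):
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rpartition("@")[2].lower() if "@" in address else ""

def check_headers(raw, expected_address):
    """Compare From, Return-Path and the first Received hop with the expected sender."""
    msg = message_from_string(raw)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    expected_domain = domain_of(expected_address)
    # Each relay prepends its own Received header, so the last one listed is
    # the hop closest to the sender. The "from" host name is self-reported;
    # the bracketed IP was recorded by the receiving server.
    received = msg.get_all("Received") or []
    first_hop = " ".join(received[-1].split()) if received else ""
    host = re.search(r"from\s+(\S+)", first_hop)
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", first_hop)
    origin_host = host.group(1).lower() if host else ""
    findings = []
    if from_addr.lower() != expected_address.lower():
        findings.append("from-address-mismatch")
    if domain_of(return_path) != expected_domain:
        findings.append("return-path-mismatch")
    if not ("." + origin_host).endswith("." + expected_domain):
        findings.append("received-host-mismatch")
    return {"display_name": display_name, "from": from_addr,
            "return_path": return_path, "origin_host": origin_host,
            "origin_ip": ip.group(1) if ip else None, "findings": findings}

if __name__ == "__main__":
    print(check_headers(SAMPLE, "mary@family.example"))
```

The origin_ip value is the address to use for the reverse IP lookup. A Return-Path mismatch on its own is a signal rather than a verdict, since legitimate mail sent through a third-party mailing service often carries that service's bounce address.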

Email spoofing is a real threat to online privacy and security but it doesn’t have to be. By understanding how it works and how to avoid it, you can stay protected.

To protect yourself further, use a VPN to encrypt all of your internet traffic.
