Email Spoofing: What It Is and How It Works

Don't get tricked by scammers who want to take advantage of you

The word spoof means falsify. A spoofed email is one in which the sender alters parts of it to look as though it were written by someone else. Typically, the sender’s name or email address and the body of the message are changed to appear as though they're from a legitimate source such as a bank, newspaper, or company the recipient does business with.

The reason scammers change email information is to get people to trust them. They hope recipients of the message will take additional steps, such as following a link to a fake website intended to collect personal information (a process known as phishing), or opening, reading, and responding to messages advertising products or services the scammer wants to sell.

How Spoofing Works

Scammers alter different sections of an email to disguise the true sender, including the following properties:

  • FROM: Name and email address
  • REPLY-TO: Name and email address
  • RETURN-PATH: Email address
  • SOURCE IP: IP address

The first three properties are ordinary text fields in the message headers and can be easily altered by using the account settings in Microsoft Outlook, Gmail, Hotmail, or other email software. The fourth, the IP address of the sending server, can also be disguised, but doing so requires sophisticated knowledge.
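As an added illustration (not part of the original article), the following Python script parses a constructed message and compares the four properties listed above, reporting the mismatches a mail filter or an analyst would look for. The domains, addresses, and IP addresses in the two sample messages are made up.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample (not from the article): the From header claims a bank,
# but Reply-To and Return-Path point at other domains.
SPOOFED_MESSAGE = """\
Received: from mail.example-bank.invalid (unknown [203.0.113.45]) by mx.recipient.invalid
From: "Example Bank Support" <support@example-bank.invalid>
Reply-To: support@secure-login.invalid
Return-Path: <bounce@bulk-sender.invalid>
To: customer@recipient.invalid
Subject: Urgent: verify your account

Please log in at the link below to verify your account.
"""

# Constructed sample of a message whose sender, reply and bounce headers all agree.
CLEAN_MESSAGE = """\
Received: from mail.example-bank.invalid (mail.example-bank.invalid [198.51.100.7]) by mx.recipient.invalid
From: "Example Bank Support" <support@example-bank.invalid>
Return-Path: <support@example-bank.invalid>
To: customer@recipient.invalid
Subject: Your monthly statement is ready

Your statement is available in online banking.
"""


def domain_of(header_value):
    """Lower-cased domain of the address in a header, or None if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else None


def spoofing_indicators(raw_message):
    """Compare the headers a spoofer alters and report any domain mismatches."""
    msg = email.message_from_string(raw_message)
    from_domain = domain_of(msg["From"])
    findings = []
    for header in ("Reply-To", "Return-Path"):
        other = domain_of(msg[header])
        if other and other != from_domain:
            findings.append(f"{header} domain {other} differs from From domain {from_domain}")
    # Source IP: the bracketed address in the newest Received header, i.e. the
    # server that handed the message to our own mail server.
    received = msg.get_all("Received") or []
    match = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[0]) if received else None
    return {"from_domain": from_domain,
            "source_ip": match.group(1) if match else None,
            "findings": findings}
```

Mismatching Reply-To or Return-Path domains are not proof of spoofing on their own (mailing lists and bulk senders produce them legitimately), but together with an unexpected source IP they are the signals worth escalating.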

Why Scammers Spoof

In the case of phishing, the scammer sends a spoofed email message, which has a link to a website. The message may look legitimate, and even have the logo of a company the recipient does business with, such as a bank, so the recipient may not think twice about clicking. However, if the link is clicked, it goes to the scammer's website, which is fake and has been set up to collect personal data.

The recipient may be asked to enter a username and password, and then given a message that the website is down. Meanwhile, the scammer has collected the recipient's login information for the actual site and is busy taking money out of their bank account before they realize what's happening.

Another scenario involves scammers who run illegitimate businesses. Their email messages get flagged as spam before anyone can read them, so they spoof the headers to make it look like the messages are from a legitimate entity. The emails may appear to be from an ordinary person, a real company, or a government agency. The purpose of this scam is to get recipients to open the messages and read the spam advertising inside.

Types of Spoofing Software

While some spoofed emails are altered by hand, the majority are created by special software. For example, the use of mass-mailing ratware programs is widespread among spammers. These programs run built-in word lists to create thousands of target email addresses, spoof the source email, then blast the email to those targets. Or, the ratware takes illegally acquired lists of email addresses and sends spam to them.

Mass-mailing worms are also common. Worms are self-replicating programs that act as a type of virus. Once on a computer, a mass-mailing worm reads the email address book of the victim, then falsifies an outbound message to appear as though it's from a contact in that address book, and sends it to the entire contact list. This process may offend recipients and tarnish the reputation of the innocent sender.

How to Recognize and Defend Against Spoof Emails

As with any con game, your best defense is skepticism. If you don’t believe an email is truthful or that the sender is legitimate, don’t click the link or enter your login information. If there's a file attachment, don’t open it. If an offer in an email seems too good to be true, it probably is, and your skepticism will save you from giving out your personal information. Finally, study examples of phishing and spoof email scams to train your eye to distrust these messages.