Email Spoofing: What It Is and How It Works

Don't get tricked by scammers who want to take advantage of you

The word “spoof” means “falsify.” A spoofed email is one in which the sender alters parts of it to look as though it were written by someone else. Typically, the sender’s name or email address and the body of the message are changed to appear as though they're from a legitimate source such as a bank, newspaper, or company you do business with.

The reason scammers change email information is to get you to trust them. They hope you'll take additional steps, such as following a link to a fake website intended to collect your personal information (a process known as phishing); or open, read, and respond to emails about products or services they want you to buy.

How Spoofing Works

Scammers alter different sections of an email to disguise the true sender, including the following properties:

  • From - display name and address
  • Reply-To - display name and address
  • Return-Path - address
  • Source IP address

The first three properties can be easily altered using settings in Microsoft Outlook, Gmail, Hotmail, or other email software. The fourth, the source IP address, can also be altered, but doing so convincingly requires sophisticated knowledge.

Why Scammers Spoof

In the case of phishing, the scammer sends you a spoofed email message, which has a link to a website. Keep in mind that the message may look legitimate, and even have the logo of a company you do business with, such as a bank, so you may not think twice about clicking. However, when you do, you're taken to the website, which is actually fake and has been set up for the sole purpose of collecting your personal data.

You may be asked to enter a user name and password and then given a message that the website is down. Meanwhile, the scammer has collected your login information for the actual site, and is busy taking money out of your banking account before you realize what's happening.

Another scenario involves scammers who run illegitimate businesses. Their email messages get flagged as spam before anyone can read them, so they spoof them to make it look like they're from a legitimate entity. The emails may appear to be from an ordinary person, a real company, or a government agency. The purpose of this scam is to get recipients to open the messages and read the spam advertising inside.

Types of Spoofing Software

While some spoofed emails are altered by hand, the majority are created by special software. For example, the use of mass-mailing ratware programs is widespread among spammers. These programs run massive built-in word lists to create thousands of target email addresses, spoof the source email, and then blast the email to those targets. Or, the ratware takes illegally acquired lists of email addresses and sends spam to them.

Mass-mailing worms are also common. Worms are self-replicating programs that act as a type of virus. Once on your computer, a mass-mailing worm reads your email address book, then falsifies an outbound message to appear as though it's from a contact in your address book, and sends it to your entire contact list. This process may offend recipients, and tarnish the reputation of the innocent "sender." 

How to Recognize and Defend Against Spoof Emails

As with any con game, your best defense is skepticism. If you don’t believe an email is truthful or that the sender is legitimate, don’t click the link or enter your login information. If there's a file attachment, don’t open it. If an offer in an email seems too good to be true, it probably is, and your skepticism will save you from giving out your valuable personal information. Finally, study examples of phishing and spoof email scams to train your eye to distrust these messages.
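The header fields listed under "How Spoofing Works" and the advice above to train your eye on suspicious messages can be turned into a mechanical check. The script below is an added example and is not part of the original article: it parses a raw message with Python's standard-library email module, compares the domains of the From, Reply-To, and Return-Path addresses, and reads the SPF, DKIM, and DMARC verdicts that a receiving mail server records in the Authentication-Results header. Both sample messages, and every domain and address in them, are constructed for this example.

```python
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

# Constructed sample: the From display name claims a bank, while
# Reply-To and Return-Path point at unrelated (hypothetical) domains
# and the receiving server recorded SPF and DMARC failures.
SPOOFED_SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=bank.example.com
From: "Example Bank Support" <support@bank.example.com>
Reply-To: <helpdesk@bank-example-support.example.net>
To: customer@example.org
Subject: Verify your account

Please confirm your details.
"""

# Constructed sample: every address agrees and all three checks passed.
LEGIT_SAMPLE = """\
Return-Path: <notices@bank.example.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=bank.example.com; dkim=pass header.d=bank.example.com; dmarc=pass header.from=bank.example.com
From: "Example Bank" <notices@bank.example.com>
To: customer@example.org
Subject: Your monthly statement

Your statement is ready.
"""

# Verdicts that indicate the sending domain did not authorise the message.
BAD_RESULTS = ("fail", "softfail", "permerror", "temperror")


def _domain(addr: str) -> str:
    """Lower-cased domain part of an email address ('' if there is none)."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def auth_results(msg) -> dict:
    """Collect spf/dkim/dmarc verdicts from all Authentication-Results headers."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
            verdicts[mech.lower()] = result.lower()
    return verdicts


def spoof_findings(raw_message: str) -> list:
    """Return a list of spoofing indicators found in a raw RFC 5322 message.

    An empty list means none of the checks fired; it does not prove the
    message is genuine, only that the visible headers are consistent.
    """
    msg = message_from_string(raw_message, policy=default)
    _, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    _, return_addr = parseaddr(msg.get("Return-Path", ""))
    from_dom, reply_dom, return_dom = map(_domain, (from_addr, reply_addr, return_addr))

    findings = []
    # Replies would go to a domain other than the one the message claims to be from.
    if reply_addr and reply_dom != from_dom:
        findings.append(f"reply-to-mismatch: {reply_dom} != {from_dom}")
    # Bounces would go to a domain other than the one the message claims to be from.
    if return_addr and return_dom != from_dom:
        findings.append(f"return-path-mismatch: {return_dom} != {from_dom}")
    # Authentication verdicts recorded by the receiving server.
    for mech, result in auth_results(msg).items():
        if result in BAD_RESULTS:
            findings.append(f"{mech}-{result}")
    return findings


if __name__ == "__main__":
    for label, sample in (("spoofed", SPOOFED_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(label, spoof_findings(sample))
```

A Reply-To or Return-Path domain that differs from the From domain is a signal, not proof: newsletters and third-party mailing services legitimately do this, which is why the DMARC verdict (which checks that the authenticated domain aligns with the visible From domain) carries the most weight. Only trust an Authentication-Results header added by your own mail server; a spoofer can insert one too, so production filters strip or ignore copies that arrive from outside.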