
What Is Email Spoofing?
Quick Answer
Email spoofing is when someone changes the information in an email header so that it appears that the email is coming from a different person or domain. You can protect yourself by closely reviewing the header information to spot a spoof.

Email spoofing is when someone changes the sender's name or email address to make a message look legitimate. It's typically the first step in an attempt to steal your personal or sensitive information.
Even the most cautious and tech-savvy people can be fooled by a spoofed email. As with call spoofing, email scammers are using more sophisticated techniques. That's why it's crucial to know what spoofing is, how to spot its various forms, how to avoid it and how to respond if it happens to you.
What Is Email Spoofing?
With email spoofing, the sender changes the information in an email's header so that it looks like the message is coming from a different person or domain. In other words, the name and email address are usually disguised to look like it's coming from a friend, family member, government agency or a company you do business with. The reply-to address can even be changed so that you'll unwittingly respond to a different email address if you hit reply.
You've likely already come across spoofed emails. For example, you may get a message from what looks like your phone carrier claiming your bill is overdue and you must pay it immediately or risk a service shutoff. The name and email in the header may look like it's coming from your mobile carrier, and the message may even include the carrier's logo and other branding designed to look like the real company. But if you click the button to make a payment, any account information or personal details you submit can be stolen and used to commit fraud or identity theft.
That's just one example of email spoofing. It comes in different forms, but understand that all email spoofing is designed to mislead you by impersonating a person, business or organization you trust.
Email Spoofing vs. Phishing
The terms "email spoofing" and "phishing" are often used interchangeably. There is some overlap, but they are different.
- Email spoofing: This is when the sender's details in the email's header are disguised to look like it's coming from someone else. Scammers understand you're more likely to click on an email from a trusted source than from someone you don't know. Spoofing is usually step one in a scam, but not always. Individuals or organizations also might spoof their email addresses to hide their identity, get past spam filters or make the person or organization they're imitating look bad.
- Phishing: Phishing is a type of cybercrime where someone tries to deceive you into giving up personal or financial information. The scammer's goal is to gain access to sensitive information like your Social Security number or get you to do something that benefits them. For example, they might trick you into downloading an attachment that infects your device with malware or direct you to a legitimate-looking website that collects your login credentials.
Many phishing emails use email spoofing to hide the sender's identity and make the message more convincing. If you've ever looked closely at a phishing email, you know it can be hard to tell it's fake. A Security.org survey found that only 5% of respondents could identify all the phishing emails they encountered, and 12% didn't recognize any.
4 Types of Email Spoofing
As mentioned, email spoofing means changing the email header data, but there are four ways cybercriminals can do that.
- Changed display name: The sender might change only the name that's displayed in the header. Unless you review the entire header, the display name will look legitimate.
- Changed name and email address: Some senders change both the name and the domain, which is the part after the @ symbol. This way, the scammer doesn't need to hack the official website or sender. Instead, they can create a server or use a compromised one to relay the email through.
- Reply-to address spoofing: With this method, a scammer sends an email that looks like it's from a trusted source, but then changes where your reply gets sent. So, the message looks like it's coming from customerservice@company.com, but the reply-to address is actually scammer@randomdomain.com.
- Visually similar addresses: Fake senders can also set up lookalike websites and email addresses that appear nearly indistinguishable from reputable companies and organizations. For example, the website and email address could use a capital "i" instead of a lowercase "L" because the two letters look similar.
How to Tell if an Email Is Spoofed
Email providers are getting better at filtering spoofed emails to your spam folder. However, you should still be able to identify some of the warning signs in case the emails sneak into your inbox.
- The name and email don't match. This is a common sign of email spoofing, so it should be your first check. It's easy for a scammer to change the display name to something like Customer Support. But look closely at the domain name, which might seem suspicious or unfamiliar. For example, it might use an unfamiliar ending like .biz, .info or a country code such as .uk. It could also include extra words to make it look real, such as domaincom.fake-site.com. Notice there's no period before the first "com," a common tactic scammers use to make a phony address resemble a legitimate one.
- You're asked to click a link or open an attachment. It's generally a good idea to avoid clicking on links in unexpected emails or text messages because they could steal your information, install malware or lead to fake sites.
- The message feels off or out of character. You've likely received emails from someone claiming to be a friend or company you know, but you can tell the message doesn't sound like them. Trust your instincts and avoid interacting with the message. Contact them directly or visit their website on your own to see if the message is real.
- The reply-to address is different. Double-check the email address that's filled in when you click reply to make sure it matches the sender's displayed address.
- The signature has wrong or outdated details. If you're not sure about a sender's authenticity, one step you can take is to confirm that the name and contact information in the email's signature match the real person or company.
- The message contains classic signs of phishing. Phishing goes hand in hand with email spoofing. So if an unexpected email creates a sense of urgency and asks for personal information like your Social Security number or requests payment by wire transfer, money order, cryptocurrency or gift cards, it's likely a spoofed message.
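The header checks above (display name vs. address, a Reply-To that goes elsewhere, and lookalike domains) can be automated. This is an added example, not code from the article; the trusted domain list, the AcmeBank name and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample (not a real message) that shows the warning signs the
# article lists: display name claiming a trusted company, a different
# Reply-To address, and a sender domain that mimics the real one.
SAMPLE = """\
From: "AcmeBank Customer Support" <alerts@acmebankcom.fake-site.biz>
Reply-To: support@acmebank-help.info
To: customer@example.com
Subject: Important Update: Overdue Invoice

Your bill is overdue. Pay now to avoid a service shutoff.
"""

def domain_of(addr):
    """Lowercase domain part of an address (the text after the @), or ''."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def normalize(domain):
    """Fold characters that look alike so 'paypaI.com' compares equal to
    'paypal.com' (the capital-i-for-lowercase-L trick from the article)."""
    return domain.lower().replace("i", "l").replace("1", "l").replace("0", "o")

def check_headers(raw, trusted_domains):
    """Return a list of warning strings for the spoofing signs found in raw."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, sender = parseaddr(str(msg.get("From", "")))
    _, reply = parseaddr(str(msg.get("Reply-To", "")))
    sender_domain = domain_of(sender)
    findings = []
    for trusted in trusted_domains:
        org = trusted.split(".")[0]           # e.g. "acmebank"
        if sender_domain == trusted:
            continue                          # genuinely from the trusted domain
        # Sign 1: the display name names a company the address doesn't belong to
        if org in name.lower().replace(" ", ""):
            findings.append("display name claims %s but sender is %s" % (trusted, sender))
        # Sign 4: lookalike domain (trusted name embedded, or homoglyph swap)
        if org in sender_domain or normalize(sender_domain) == normalize(trusted):
            findings.append("sender domain %s resembles %s" % (sender_domain, trusted))
    # Sign 3: replies go somewhere other than the sender's domain
    if reply and domain_of(reply) != sender_domain:
        findings.append("Reply-To %s differs from sender %s" % (reply, sender))
    return findings

if __name__ == "__main__":
    for finding in check_headers(SAMPLE, ["acmebank.com"]):
        print("WARNING:", finding)
```

Run it against a raw message saved from your mail client; an empty list means none of the three header signs fired, not that the message is safe.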
Tip: The Anti-Phishing Working Group (APWG) reports phishing attacks surged to over 1 million in the first quarter of 2025. These emails often use the same email subject line but link to different fake websites. Scammers often use subject lines that have worked before, so watch out for emails with common or urgent subject lines like Important Update or Overdue Invoice.
How to Protect Yourself From Email Spoofing
Make it harder for scammers to fool you by taking a few basic precautions, such as:
- Inspect the sender's email address carefully. Look carefully at the sender's email address, domain and spelling for any subtle differences or abnormalities they've used to attempt to mislead you. For example, you might receive an email claiming to be from your bank, but the message is coming from a Gmail address. You may need to take extra steps to view full sender details, depending on your email provider. In Gmail, for example, click the small arrow next to the sender's name to see the full sender address and the reply-to address.
- Be wary of unusual requests. This includes urgent messages meant to make you panic and give up personal details, submit a payment or take another action.
- Enable multifactor authentication (MFA). MFA is a security feature on a login page that requires additional verification beyond your password, such as a text message code or facial recognition. Enable MFA for your email account and any other accounts that hold personal or financial information.
- Watch out for attachments and links. Don't download attachments or click on links in any unsolicited or unexpected messages you receive. Hover over them instead to see the actual URL and look closely for misspellings or subdomains that don't belong to the company. If you're concerned the message may be real, call the company instead to check its legitimacy.
- Enable spam filters. Most email programs include filters that block spoofed messages, but it's worth checking to make sure they're turned on. If needed, you can also use third-party antispam software for added protection.
What to Do if You're a Victim of Email Spoofing
If you receive a spoofed email, it doesn't always mean you've been harmed. Hopefully, you spot the signs and ignore it, so there's no action needed. But if you click a link, send a payment or reveal any personal or financial information, you may have fallen for a phishing attempt. Follow these steps if you're a victim of email spoofing or phishing.
- Don't respond or interact with the message. If you recognize an email as being spoofed, delete it and block the email address from sending you further messages.
- Report the spoof. If you think the threat is serious, let your email service provider know about it and forward them the spoofed email. You can also file a complaint at the FBI's Internet Crime Complaint Center.
- File an FTC report if your identity is stolen. You may need a Federal Trade Commission (FTC) report to bolster your case as you're recovering your accounts. If you're a victim of fraud, report it at ReportFraud.ftc.gov; the FTC is the agency that investigates and prosecutes perpetrators of fraud. Similarly, if your identity is stolen, visit IdentityTheft.gov to report it and get a recovery plan.
- Change your passwords on any affected sites immediately. If you clicked a link and entered credentials, change your password for your email and any affected accounts, such as your bank or credit card.
- Freeze your credit. A credit freeze blocks lenders from reviewing your credit reports, so anyone trying to open an account in your name will be turned away. You have the right to place a credit freeze on your credit reports with all three credit bureaus (Experian, TransUnion and Equifax) immediately if you believe fraudsters have enough information to open new accounts in your name.
Take Steps to Protect Yourself From Scammers
If you get an unsolicited and suspicious email, remember to stay calm and take your time. No matter how urgent the message appears, don't let yourself be rushed into a bad decision like clicking a link or sending money. Taking a moment to review the email more closely can help you spot the warning signs of email spoofing before you make a mistake.
You also have tools at your disposal to help protect your information against fraud and identity theft. A free dark web or privacy scan can show you if your data is already exposed. Free credit monitoring can alert you to new credit inquiries and account activity so you can act quickly.
About the author
Tim Maxwell is a former television news journalist turned personal finance writer and credit card expert with over two decades of media experience. His work has been published in Bankrate, Fox Business, Washington Post, USA Today, The Balance, MarketWatch and others. He is also the founder of the personal finance website Incomist.