November 14, 2022

Everything You Need to Know About Email Spoofing

In our last blog post, we went through the basics of email phishing. Phishing happens when a cybercriminal uses email to trick their victims into giving up personal information, like banking credentials, Social Security numbers, and more. Most phishing attempts use a method called “email spoofing,” in which an email is designed to look like it came from a trustworthy source, like the victim’s bank. These emails are designed to look real, but they go deeper than that: the sender’s signature looks legitimate, and the links inside the emails take victims to web pages that look completely real too. However, it’s all clever deception. So how do you avoid falling for the trap if it looks legitimate in every way? Here’s everything you need to know about email spoofing and protecting yourself against it:

  • What is spoofing?
  • Why do people do it?
  • How is email spoofing done?
  • How do I protect myself against it?

What is Spoofing?

Spoofing happens when cybercriminals forge the header/originating address of emails. This makes it look like that message originated from a different source. The emails may look like they’ve come from a legitimate business such as a popular online store, or a banking institution. They may also look like they come from people you know personally like friends or coworkers. By allegedly originating from a trustworthy source, these messages have a higher likelihood of being opened than other spam emails.

Why do People do it?

There are a few reasons criminals use email spoofing, but they normally boil down to two purposes: phishing and spam. Phishing is when someone online is trying to obtain sensitive information from you. Phishing emails are most likely to ask you to input some sort of data within the email itself. For example, a phishing message that appears to be from your bank may request that you sign in to your account to address a problem, right from the email itself (or through a link provided in the email). If you do, the person on the other side of the message might see your username and password. They can then access your account in the future.

Another possible phishing message can appear to be from your boss or a coworker asking for system access credentials. If you respond with the information, then the security of your company (and your job, for that matter) becomes compromised.

The other main reason for email spoofing is spam. Because these messages look more trustworthy when compared to other types of spam, they’re more likely to be clicked. If you’re lucky, the inside of the email will just be apparent spam that you will recognize and delete. However, many of these emails contain links that, if clicked, can download malware onto your device.

Spoofing may also be used for committing identity theft or tarnishing the reputation of an email user. However, these reasons are less common.

How is Email Spoofing Done?

While we all like to think that criminal geniuses run spoof attacks, the truth of the matter is that it’s actually very easy to do. All a person needs is a Simple Mail Transfer Protocol (SMTP) server and an email service such as Gmail or Outlook. With these two pieces of tech, the user can edit different fields within the email, such as the header and originating address. Although many email systems have developed tools for detecting and filtering spoofed messages, these methods still need improvement and have been adopted very slowly.

How do I Protect Myself Against Spoofing?

Because some spoofed messages are extremely sophisticated, many people have difficulty picking them out from real ones. You might get some protection by using a secure VPN service, which encrypts your data and prevents your email address from falling into the wrong hands in the first place. However, there are some best practices you can implement with every email you open to stay protected in every eventuality.

Keep Your Anti-Malware Software Up-to-Date

If you accidentally click a malicious link in a spoofed email, your anti-malware software should be able to detect it and block it (or warn you about the link even before you click it).

Don’t Share Sensitive Info

Even if you trust an email 100 percent, you should never share sensitive information through emailed messages. Once you’ve sent the message, its security and privacy are out of your hands and anything can happen to it. Whether you suspect spoofing or not, implement a policy of never sending personal data, like financial information, through email.

Use Strong Spam Filters

Many email services allow you to set the strength of your spam filters. Use the strongest possible settings to protect yourself from spoofed emails.

If You’re Not Sure, Don’t Click

If you don’t have full confidence in an email link or download, just don’t click it until you’re positive it’s safe. For an email from your bank, call the bank and ask about the validity of the message (but don’t use any phone number found within the email itself in case it’s fraudulent). If a coworker has sent you an email, you can also check with them that they were the one to send it before you open any links or start any downloads.

Check That Links Are Secure

If you do trust a link enough to open it, check its level of security once it is open. If the URL starts with HTTP instead of HTTPS, it isn’t secure and you should never input any personal information into that website.

Look at the Email Address, Not Just the Display Name

Most email servers allow you to choose or change which name you want to appear alongside your message. However, you should always compare the display name to the actual address. If the display has the name of your great aunt but the address says “[email protected]” then you’re probably being spoofed.

Examine the Email’s Content

While some spoofed messages can appear indistinguishable from legitimate ones, there are a few signs to watch out for that can tell you if a message is real or not. If the subject line is designed to frighten you or spur you into an action (for example: your account has been suspended), it could be a spoof. Another sign of a fake message is spelling mistakes. One mistake might not be cause for alarm, but several are more likely to indicate danger. A third trick to try is to hover over links in the email. If you hover over the link, there should be a little pop-up to tell you the URL the link will take you to. If it’s suspicious, you’ll know not to click it. Finally, if the email is too vague or too jargon-y, stay on your guard and verify its authenticity if possible before taking any action with it.

Get Technical

While visual signs of spoofing are great to look out for, sometimes those signs just aren’t there. If that’s the case, you can take a technical look at the email. First, examine its header. The email address in the header should match the address you expect it to be from. In the header, you can also take a look at the “received” field. The email address there should match the name of the sender. Finally, take a look at the return path, which should also match the expected address of the sender. You can also conduct a reverse IP address lookup, to see where the sender of the email originates from. If the email should come from Detroit, Michigan but the IP address is somewhere in Nigeria, it’s probably a spoof.
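The header checks from “Look at the Email Address, Not Just the Display Name” and “Get Technical”, as an added example (not code from the original post): it compares the From address, the display name, the Return-Path and the earliest Received hop, and returns the originating IP for a reverse lookup. The function names, the finding labels and the sample message are assumptions made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message); every name, domain and IP is made up.
SAMPLE = (
    "Return-Path: <bounce@mailer.example.net>\n"
    "Received: from mx.mailer.example.net (mx.mailer.example.net [203.0.113.7])\n"
    "\tby mail.recipient.example with ESMTP; Mon, 14 Nov 2022 09:12:01 -0500\n"
    'From: "Example Bank Support" <support@examplebank.example>\n'
    "To: you@recipient.example\n"
    "Subject: Your account has been suspended\n"
    "\nPlease sign in to restore access.\n"
)

def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def within(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return bool(domain) and (host == domain or host.endswith("." + domain))

def check_headers(raw, expected_domain):
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    return_path = parseaddr(msg.get("Return-Path", ""))[1]
    # Each server prepends its Received line, so the last one is the earliest
    # hop. Hops added before your own provider can be forged: a hint only.
    hops = msg.get_all("Received", [])
    first_hop = hops[-1] if hops else ""
    host = re.search(r"from\s+(\S+)", first_hop)
    ip = re.search(r"\[([0-9A-Fa-f.:]+)\]", first_hop)
    origin_host = host.group(1).lower() if host else ""
    from_dom = domain_of(from_addr)
    findings = []
    if not within(from_dom, expected_domain):
        findings.append("from-domain-unexpected")
    claimed = re.search(r"[\w.+-]+@[\w.-]+", display)
    if claimed and claimed.group(0).lower() != from_addr.lower():
        findings.append("display-name-shows-other-address")
    if return_path and not within(domain_of(return_path), from_dom):
        findings.append("return-path-differs-from-from")
    if origin_host and not within(origin_host, from_dom):
        findings.append("origin-host-differs-from-from")
    return {"from": from_addr, "return_path": return_path,
            "origin_ip": ip.group(1) if ip else None, "findings": findings}

if __name__ == "__main__":
    print(check_headers(SAMPLE, "examplebank.example"))
```

A mismatch is a reason to verify, not proof: legitimate newsletters are often sent through a third-party mailer whose Return-Path differs from the From address.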


Email spoofing is a real threat to online privacy and security but it doesn’t have to be. By understanding how it works and how to avoid it, you can stay protected.
