CMI Blog

Spoofing Emails: What are they, and how do businesses combat them

Our inboxes are bombarded with hundreds of emails on a day-to-day basis: important business emails, event invites, etc. And there are risky emails too, like spam and a myriad of different phishing emails: emails that pretend to be what they’re not to trick you into revealing sensitive data or making unauthorised money transfers. With the number of emails we receive a day, it’s hard to have our phishing-spotting sensors on non-stop, and letting your guard down is easy, especially if the email looks like it’s coming from a familiar source or someone within your very own business. But that’s what hackers count on: the trust in a forged email sender address and that one split second of inattention, distraction or bad decision-making.

To avoid falling victim to email spoofing techniques, in this article you’ll learn what email spoofing is, how it works, and how you can protect your business from email spoofing attacks.


What is Email Spoofing?

Email spoofing is a technique used in phishing attacks to trick the recipient into thinking that the email is coming from a trusted source, like someone they know or a reputable business. How do hackers accomplish that? They forge the email sender address, making it look like the email is coming from someone you know, and use social engineering tactics to trick people into clicking malicious links or downloading malicious attachments. Because of the way email systems work, a sender address is assigned to the outgoing message, and the email system won’t be able to detect whether that address is legitimate or spoofed. If there aren’t any security measures in place and your team isn’t trained to spot these kinds of emails, you can easily fall for this type of scam.


How do hackers spoof an email?

Generally, all a hacker needs to spoof an email is a Simple Mail Transfer Protocol (SMTP) server and mailing software to use it with. These usually allow connections without authentication, so hackers can easily compose emails with malicious links and change the ‘To’ and ‘From’ email addresses. The ‘From’ address could be an international enterprise or any other trusted source you might be familiar with. Hackers may also include other elements from the organisation’s website or profile, like their logo or other branding elements, to make the email look even more authentic.

A very effective and popular phishing attack that uses email spoofing is CEO Fraud. With this technique, hackers impersonate an organisation’s CEO or business owner and usually target a business’s HR or finance team to force them into making money transfers or divulging confidential tax information.


How can you protect your business from spoofing?

Even if you have email security protocols in place, phishing emails can slip through and easily land in your employees’ inboxes. Here are a few best practices you can follow to prevent falling victim to email spoofing:


  • Look out for grammar or spelling mistakes; these are very common for phishing attacks.
  • Check the ‘From’ field to see if it actually matches the sender’s email address, the ‘To’ field for any misspellings, and the email header for any inconsistencies.
  • Be wary of any messages that convey a sense of urgency or ask you to take immediate action.
  • Don’t open any attachments or click on links from senders you’re not familiar with.
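
The ‘From’ field and header checks in the list above can also be run automatically over a message's raw headers. The following is an added example, not code from CMI; the sample message is constructed, all domains are placeholders, and the function name and warning labels are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not a real message); all domains are placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=example.net
From: "Jane Doe <jane.doe@example.com>" <jane.doe@example.net>
Reply-To: payments@example.net
To: finance@example.org
Subject: Urgent transfer

Please action today.
"""

def domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def header_warnings(raw):
    """Return a list of inconsistencies found in a message's headers."""
    msg = message_from_string(raw)
    warnings = []
    name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = domain(from_addr)
    # 1. Display name shows one address, the real From address is another.
    shown = re.search(r"[\w.+-]+@[\w.-]+", name)
    if shown and shown.group().lower() != from_addr.lower():
        warnings.append("display-name-address-mismatch")
    # 2. Replies or bounces go to a different domain than the From domain.
    for hdr, tag in (("Reply-To", "reply-to-domain-mismatch"),
                     ("Return-Path", "return-path-domain-mismatch")):
        other = domain(parseaddr(msg.get(hdr, ""))[1])
        if other and other != from_dom:
            warnings.append(tag)
    # 3. The receiving server recorded an SPF/DKIM/DMARC result other than pass.
    results = msg.get("Authentication-Results", "")
    for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results):
        if verdict != "pass":
            warnings.append(f"{method}={verdict}")
    return warnings

if __name__ == "__main__":
    for w in header_warnings(SAMPLE):
        print(w)
```

Treat each warning as a prompt to look closer rather than as proof: legitimate bulk-mail services often use a different Return-Path domain, and the Authentication-Results header is only meaningful when it was added by your own receiving mail server.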

Among many other sophisticated phishing techniques, email spoofing attacks threaten the security of your business. That’s why it’s important to practise good cyber security hygiene and train your employees to spot spoofing emails.


Your company’s cyber security position can be rapidly improved with the help of our free, 30-minute no-obligation cyber security consultation. Book a cyber security consultation now and we can begin establishing a robust defence for your organisation.


Topics: cyber security

Written by Graham Stead

Graham joined CMI following the acquisition of his previous business in 2016, having successfully run that business for 20 years. Graham's absolute focus is on making sure that we consistently hold our clients central to everything that we do, and he is often heard repeating our mantra "we exist to make a significant positive impact on our clients' business". Graham and his team work closely with our clients to educate, inform, and ultimately to provide technology that delivers that positive impact. Outside of the office, he is a huge supporter of Bone Cancer Research Trust and has raised over £130,000 for them in recent years.
