What is Spoofing?

When spoofing, a hacker forges the sending address of an email for the purpose of a social engineering attack. Users receiving a spoofed email are more likely to open attachments (which could contain malware) or voluntarily share sensitive information (as in a phishing attack) when they believe they know the sender. Commonly spoofed accounts include banks and online stores, in addition to those within a business. Spoofing may also refer to websites, when a bad actor copies the look of a legitimate website – often with a slight variation of its URL – also for malicious purposes.

How to Recognize This Threat: The sender name may be changed, but the address may not, so cross-check both if you are initially suspicious. Also double-check the return path of the message, and look for typos or other style issues that would not normally be included in a legitimate email.

How to Prevent This Threat: An important line of defense is teaching users on your network to be on the lookout for signs of spoofed messages. But to ensure your security, check out email security and anti-spam solutions from SonicWall or Barracuda’s email security offerings.