With email being the primary (and often times only) source of communication, cybercriminals have taken full advantage by using enhanced spoofing techniques to trick you into responding to a phishing email, downloading a malware attachment, or submitting a form with trusted information to a fraudulent website.

With an email spoofing attack, cybercriminals masquerade as a person or company that you know and trust by altering email features and hoping that you are too busy to pay attention.  Every part of an email can be spoofed including the sender name, display name, reply-to address, domain, and the actual email content.

Here are some guidelines to follow to stay secure:

  • Hover your mouse over the sender name/email address in the header of the email and confirm the domain matches a trusted and valid sender. For example, you may receive an email that looks like it is from your bank at “chase .com” or an email from an associate at “”; in both of these instances it is something as simple as being one space or one extra character to make it a spoofed email.
  • Pay careful attention to the email content. Look for spelling or grammatical errors and instructions to act with a sense of urgency in revealing confidential data.  Most valid companies do not send emails with typos or ask you to update your private details or credit card information.
  • Be very suspicious of links in emails. Hover your mouse over the link to ensure it is a valid URL.  Only click links that come from a trusted source.
  • Be cautious about downloading attachments. Hover your mouse over the attachment to see the entire filename.  When in doubt, do not download attachments.
  • Avoid unsecure public WiFi –never use it for sending personal data, emails, or logging into websites unless the WiFi or website is secured.

If you are concerned that your email account may have been spoofed:

  • Change your password immediately.
  • Scan your device using anti-virus software.

By following these guidelines, you can prevent and defend against spoofing attacks. Just by slowing down, reading carefully, and thinking twice before clicking and responding you can prevent spoofing.