Trials and demos
How to buy

What is spoofing?

Spoofing is a type of cybercriminal activity where someone or something forges the sender's information and pretends to be a legitimate source, business, colleague, or other trusted contact for the purpose of gaining access to personal information, acquiring money, spreading malware, or stealing data.

Cisco Secure Email

    How spoofing works

    What does email spoofing look like?

    The most common type of spoofing is done through email. Similar to phishing scams, spoofing emails can be hard to detect. Typically, a false sense of urgency is conveyed in the way spoofing attacks are written, which often is the reason why end users react to them.

    The telltale signs of a spoofing email include:

    • Incorrect grammar
    • Poor spelling
    • Badly written sentences or phrases
    • Incorrect URL: This can be deceptive and look correct--until you hover over it to uncover the actual URL.
    • Misspelled email sender address: The name of the sender or domain--or both--may be misspelled. This can be hard to recognize when viewed quickly and may, for instance, contain the number "1" instead of the letter "I."

    How do I defend against spoofing?

    The best defense against email spoofing is a layered approach to your email security that includes a robust defense against phishing, spoofing, business email compromise, and other cyber threats. You will want functionality that lets you find, block, and remediate threats to inbound and outbound email.

    Also look for:

    • Best-in-class threat intelligence, so threats are provided in real time and are immediately actionable
    • Multi-factor authentication that protects against credential theft
    • Phishing protection that stops deception threats
    • DMARC authentication and enforcement that protect your brand's reputation
    • Malware protection that can spot risky files in attachments and provide sandboxing
    • End-user training to continually expand and enforce your workforce's knowledge of cybersecurity risks.

    Other types of spoofing

    Text message spoofing

    Text message spoofing, also known as "smishing" (sms text message + phishing), is similar to email spoofing. It occurs when a text message pretends to be from a legitimate source, such as Amazon or your financial institution. The message often contains a malicious link. The intent is to acquire your personal information.

    Caller ID spoofing

    Caller ID spoofing happens when phone scammers change their phone number and caller ID name to conceal their true identities.

    URL spoofing

    URL spoofing occurs when hackers create a fake domain and website in order to obtain personal information from victims or infect a user's network with ransomware.

    IP address spoofing

    IP address spoofing can occur on a network when an IP address is intentionally misrepresented as the source IP address in an IP packet. The purpose is to impersonate another computing system.

    DNS spoofing

    DNS spoofing is often referred to as a "cache poisoning" attack. A DNS cache poisoning attack locates and then exploits vulnerabilities that exist in the DNS to draw organic traffic away from a legitimate server and toward a fake one.

    More about DNS attacks

    Resources

    Get started

    Cisco Secure Client (including AnyConnect) Cisco Duo (multi-factor authentication) Cisco Meraki auto-provisioning VPN Cisco router security Cisco Zero Trust Security Small Business Security

    Connect with us

    Learn more about Cisco Secure Email Secure Email free trial

    Related security topics

    What is email encryption? What is email security? How does a VPN work? How to set up a VPN? What is two-factor authentication? What is endpoint security? What is an endpoint protection platform (EPP)?