What Is Spoofing?

Spoofing is a type of cybercriminal activity where someone or something forges the sender's
information and pretends to be a legitimate source, business, colleague, or other trusted
contact for the purpose of gaining access to personal information, acquiring money, spreading
malware, or stealing data.
 Spoof protection (2:18)

 Cisco Secure Email

 How Spoofing Works

 Other Types of Spoofing
 Related Topics
Contact Cisco
What does email spoofing look like?
The most common type of spoofing is done through email. Similar to phishing
scams, spoofing emails can be hard to detect. Typically, a false sense of urgency is conveyed
in the way spoofing attacks are written, which often is the reason why end users react to
them.
The telltale signs of a spoofing email include:

 Incorrect grammar

 Poor spelling

 Badly written sentences or phrases

 Incorrect URL: This can be deceptive and look correct--until you hover over it to
uncover the actual URL.

 Misspelled email sender address: The name of the sender or domain--or both--may be
misspelled. This can be hard to recognize when viewed quickly and may, for instance,
contain the number "1" instead of the letter "I.""
How do I defend against spoofing?
The best defense against email spoofing is a layered approach to your email security that
includes a robust defense against phishing, spoofing, business email compromise, and other
cyber threats. You will want functionality that lets you find, block, and remediate threats to
inbound and outbound email.
Also look for:

 Best-in-class threat intelligence, so threats are provided in real time and are
immediately actionable

 Multi-factor authentication that protects against credential theft

 Phishing protection that stops deception threats

 DMARC authentication and enforcement that protect your brand's reputation

 Malware protection that can spot risky files in attachments and provide sandboxing
 End-user training to continually expand and enforce your workforce's knowledge of
cybersecurity risks.

Other types of spoofing

Text message spoofing
Text message spoofing, also known as "smishing" (sms text message + phishing), is similar
to email spoofing. It occurs when a text message pretends to be from a legitimate source,
such as Amazon or your financial institution. The message often contains a malicious link.
The intent is to acquire your personal information.

Caller ID spoofing
Caller ID spoofing happens when phone scammers change their phone number and caller ID
name to conceal their true identities.

URL spoofing
URL spoofing occurs when hackers create a fake domain and website in order to obtain
personal information from victims or infect a user's network with ransomware.

IP address spoofing
IP address spoofing can occur on a network when an IP address is intentionally
misrepresented as the source IP address in an IP packet. The purpose is to impersonate
another computing system.

DNS spoofing
DNS spoofing is often referred to as a "cache poisoning" attack. A DNS cache poisoning
attack locates and then exploits vulnerabilities that exist in the DNS to draw organic traffic
away from a legitimate server and toward a fake one.
More about DNS attacks >