In a nutshell, email spoofing is the creation of fake emails that seem legitimate. This article analyzes the spoofing of email addresses through changing the From header, which provides information about the sender’s name and address.
SMTP (Simple Mail Transfer Protocol, the main email transmission protocol in TCP/IP networks) offers no protection against spoofing, so it is fairly easy to spoof the sender’s address. In fact, all the would-be attacker needs is a tool for choosing in whose name the message will arrive. That can be another mail client or a special utility or script, of which there is no shortage online.
Email spoofing is used in both fraudulent schemes and targeted attacks against organizations. Cybercriminals use this technique to convince victims that a message came from a trusted sender and nudge them into performing a specific action, such as clicking a phishing link, transferring money, downloading a malicious file, etc. For added credibility, attackers can copy the design and style of a particular sender’s emails, stress the urgency of the task, and employ other social engineering techniques.