What is email spoofing?

Email spoofing is when an email is made to look as if it came from a trusted person, business, or domain, even though it did not.

Simple example

A message appears to come from the business owner, but the sender address was forged or manipulated.

Why it matters

Spoofed emails can be used to trick staff into trusting fraudulent requests, clicking links, or approving payments.

Common warning signs

  • The activity is unexpected or unusual for the business context.
  • The request or system behaviour creates pressure to act quickly.
  • Normal approval, verification, or security processes are bypassed.
  • There are signs of unauthorised access, data exposure, or system change.
  • Staff are unsure whether the request, message, or system behaviour is legitimate.

Cyber Doc view

This term should be understood in business context, not only as a technical issue. Good protection usually combines clear processes, appropriate technical controls, staff awareness, and a calm response plan.

What to do

Proactive steps

  • Use SPF, DKIM, and DMARC for business domains.
  • Train staff to check suspicious sender details.
  • Use email security filtering where possible.
  • Verify payment or credential requests through a trusted second channel.
  • Use clear internal approval processes for sensitive requests.

Reactive steps

  • Do not reply to the suspicious message.
  • Preserve the email and headers if possible.
  • Warn affected staff if the spoofed message was sent widely.
  • Check whether anyone clicked links, opened attachments, or acted on the request.
  • Review domain email authentication settings.
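As an added example (not code from this Learn Centre page), the Python check below ties the "SPF, DKIM, and DMARC" control to the "preserve the email and headers" step: it reads the Authentication-Results header a receiving mail server adds and reports whether either SPF or DKIM passed for a domain aligned with the visible From address, which is the test DMARC applies. The two messages are constructed samples, the server name mx.example.net is assumed, and alignment is simplified to "same domain or a subdomain of the From domain".

```python
# Added example: DMARC-style alignment check over a preserved message's headers.
# Assumes Authentication-Results was added by your own receiving server (trusted).
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: visible From claims the owner's domain, but the server saw
# SPF pass only for an unrelated domain and no DKIM signature at all.
SPOOFED = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=bulk-sender.example.org; dkim=none; dmarc=fail header.from=example.com
From: "Owner" <owner@example.com>

Please pay the attached invoice today.
"""
# Constructed sample: SPF and DKIM both pass for the same domain as the From header.
LEGIT = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: "Owner" <owner@example.com>

Here is the weekly report.
"""

def parse_auth_results(header):
    """Turn 'authserv; method=result key=value ...; ...' into {method: (result, props)}."""
    results = {}
    for clause in header.split(";")[1:]:          # clause 0 is the authserv-id
        tokens = clause.split()
        if tokens and "=" in tokens[0]:
            method, result = tokens[0].split("=", 1)
            props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
            results[method.lower()] = (result.lower(), props)
    return results

def aligned(domain, from_domain):
    """Simplified relaxed alignment: same domain or a subdomain of the From domain."""
    domain = domain.rpartition("@")[2].lower()    # smtp.mailfrom may be a full address
    return bool(domain) and (domain == from_domain or domain.endswith("." + from_domain))

def check_alignment(raw_message):
    """Return (spoof_suspected, details); True when no aligned SPF or DKIM pass exists."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    auth = parse_auth_results(msg.get("Authentication-Results", ""))
    spf_result, spf_props = auth.get("spf", ("none", {}))
    dkim_result, dkim_props = auth.get("dkim", ("none", {}))
    spf_ok = spf_result == "pass" and aligned(spf_props.get("smtp.mailfrom", ""), from_domain)
    dkim_ok = dkim_result == "pass" and aligned(dkim_props.get("header.d", ""), from_domain)
    details = {"from_domain": from_domain, "spf": spf_result, "spf_aligned": spf_ok,
               "dkim": dkim_result, "dkim_aligned": dkim_ok}
    return not (spf_ok or dkim_ok), details
```

A result of "spoof suspected" means the visible From address is unsupported by any passing, aligned authentication result, which is exactly the condition a DMARC policy of quarantine or reject would have acted on.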

Related terms

  • Phishing
  • Business email compromise
  • DMARC