Email Spoofing or Email Forging

Email spoofing plays a major role in social engineering attacks, especially in phishing attacks, where you need to convince the target to click on a link.


Email Spoofing

Email Spoofing Meaning?

In email spoofing, the sender forges (spoofs) the sender's email address to whatever he wishes and sends the email to the recipient.


For example, Bob wants to prank Sam by sending him an email from Microsoft's official email address. Bob is not an employee or the CEO of Microsoft, so he has no access to email addresses ending with "@microsoft.com". So how will he prank his friend Sam? Bob will just send Sam a spoofed email, replacing his own email address with "billgates@microsoft.com".


So, if you have ever received an email from a famous personality or celebrity, the email may not have come from the person you think it did.

Most of the time, spammers/scammers & script kiddies use email spoofing to get the victim's login credentials.


For example, a scammer can spoof his email address to "security@instagram.com" and ask the victim to log in using the phishing link. As the email address does not look suspicious, the victim will enter his/her login credentials into the phishing site. As soon as the victim enters the login credentials, the scammer gets them and uses them to access the victim's account illegally. Though this kind of attack is not considered a "hacking attack" by us (the hackers), we take it as a part of hacking because it uses the concept of social engineering, which is a major part of hacking.


Is Email Spoofing Illegal?

Yes, spoofing email addresses of other users for illegal purposes is illegal.


Can spoofed email addresses be traced?

Yes, you can trace spoofed email addresses by examining the email header in detail, but you cannot trace the IP using it.
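As an added example (not code from the original post), here is one way to examine an email header for signs of a forged From address, using Python's standard email module. The sample message, its domains and the function names are constructed for illustration; Return-Path, Reply-To and Authentication-Results are standard header fields.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed sample message (not real mail): From claims microsoft.com, but the
# envelope sender and the receiving server's authentication results disagree.
SAMPLE = """\
Return-Path: <bob@mailer.example.net>
Authentication-Results: mx.example.org;
\tspf=pass smtp.mailfrom=mailer.example.net;
\tdkim=none;
\tdmarc=fail header.from=microsoft.com
From: Bill Gates <billgates@microsoft.com>
Reply-To: bob@mailer.example.net
To: sam@example.org
Subject: Hello

Hi Sam
"""

def domain(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def spoofing_indicators(raw):
    """List the header inconsistencies that suggest a forged From address."""
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    findings = []
    for name in ("Return-Path", "Reply-To"):
        other = domain(msg[name])
        if other and other != from_dom:
            findings.append(f"{name} domain {other} differs from From domain {from_dom}")
    # Authentication-Results is written by the receiving server; trust only your own server's copy.
    results = " ".join(msg.get_all("Authentication-Results", []))
    for method in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{method}=(\w+)", results)
        verdict = m.group(1).lower() if m else "missing"
        if verdict != "pass":
            findings.append(f"{method} result is {verdict}")
    return findings

if __name__ == "__main__":
    for line in spoofing_indicators(SAMPLE):
        print(line)
```

A domain mismatch is an indicator rather than proof, since bulk-mail services legitimately send with their own envelope domain; the dmarc verdict is the stronger signal.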

According to Verizon, email fraud accounts for more than 90% of enterprise attacks.


Can you Spoof Email Addresses?

Email Spoofing Tools

Yes, you can. Use this site: emkei.cz


You can create a custom PHP script and upload it to Google Cloud or any other hosting service to spoof emails; this blog post will be updated shortly.



Thanks for reading! Have a nice day.

© 2020 BY ANUKIRAN GHOSH
