Email Spoofing – Is the email really from the person you think it is?

Author: Jon Isenberg 2-minute read

We’ve all received scam emails from strange addresses and fake accounts. By now, these messages are easy to spot. What’s tougher and more worrisome, is email spoofing—defined as when a hacker purposely alters part of an email or email address to make it appear as though it was written and transmitted by someone else.

Often, the sender’s account and/or domain name are formatted to appear as if the email is coming from a legitimate source. Cybercriminals can easily create an email address that, upon quick glance looks exactly like yours: instead of Some hackers can even temporarily take over your email domain, sending spam messages from your actual address that you might not notice unless a client or contact points it out to you.

Email Spoofing

The toughest email spoofs to combat are the ones that appear to be most accurate. For example, some can even imitate your conversational style, contact list, and email template down to the last detail, making it look like any other email you would normally receive. Once a hacker starts sending out emails purporting to be from your account, it can sometimes take days or even weeks to trace the spoofed emails to their original nefarious source.

In cases of email spoofing, immediate action is required to mitigate the consequences of a scam. The faster you alert a cybersecurity professional or other trusted IT provider, the quicker you can put the brakes on email spoofing and avoid serious impacts.

What are some quick things you can do to help stay safe?

Compare the From field to the Reply field. If the Reply-To address is different from the sending address, use caution. If you suspect you have received a fraudulent email, DO NOT click any link in the message, open any attachment, or submit any requested information. Make sure email passwords are different than those used to log in to devices and social media accounts. That way, if one password is compromised, not all of your accounts will be at risk. Spend time educating yourself and your fellow workers to help ensure proper data security. Lastly, consult your trusted Managed IT and Cybersecurity professional.


Founded in 2003, ELIJAH is a multi-award-winning leader in providing expert digital forensic, data security solutions, and managed IT. ELIJAH is owned and managed by former litigation partners and is an efficient boutique digital forensic, cybersecurity and IT solutions provider that makes clients’ lives easier through effective communication and white glove service. For additional information, please visit or call 866-354-5240.

Recent Posts


Drop us a line at 866-354-5240, email, or send us a message below. We’d love to hear from you!