The act of disguising a communication or identity to appear as a trusted source. Spoofing can target email addresses, phone numbers (caller ID), IP addresses, websites, or even GPS signals.
The act of disguising a communication or identity to appear as a trusted source. Spoofing can target email addresses, phone numbers (caller ID), IP addresses, websites, or even GPS signals.
Think you've been targeted?
Paste the suspicious content here for an instant analysis.
No signup · 6 detection layers · Results in seconds · Cmd+Enter
Spoofing is a foundational technique used in many types of cyberattacks. It's the digital equivalent of wearing a disguise. By making communications appear to come from a trusted source, attackers dramatically increase the likelihood that victims will engage with malicious content.
Email spoofing changes the "From" field of an email to show any address the attacker wants. Caller ID spoofing makes a phone call appear to come from a legitimate number, like your bank. Website spoofing creates a copy of a legitimate website at a similar-looking URL.
Spoofing is enabler of phishing, vishing, smishing, and many other attacks. Technologies like SPF, DKIM, and DMARC were created to combat email spoofing, but adoption is still incomplete across the internet.
In 2024, scammers spoofed the caller ID of a major UK bank and called customers claiming to be the fraud department. Because the phone number matched the one on the back of their bank cards, many victims trusted the callers and provided one-time passcodes that were used to drain their accounts.