Email spoofing basically comes down to sending emails with a false sender address. This can be used in various ways by threat actors. Obviously pretending to be someone else can have its advantages especially if that someone else holds a position of power or trust with regards to the receiver.
Why spoof the sender address?
Although most well-known for phishing purposes, there are actually several reasons for spoofing sender addresses:
- Hiding your true identity, although if this is the only goal it can be achieved easier by registering anonymous mail addresses.
- Easy to rotate. If you are spamming, you are bound to be blacklisted quickly. If you’re able to switch sender addresses, who cares?
- Pretending to be someone the receiver knows. This can be used to ask for sensitive information or just plain orders to transfer funds.
- Pretending to be from an organization the receiver has a relationship with. Phishing attempts to get hold of bank login details etc. are the most common example.
- To give the sender a bad name. Sending out insults or other messages that put the so-called sender in a bad light.
- Identity theft. Being able to send messages in someone’s name can be the start of an identity theft procedure.
