Email Spoofing


Email spoofing occurs when a message appears to be sent from someone you know but is actually sent from a cybercriminal. Some of the most common spoofed emails appear to come from someone you know and ask you to perform a financial transaction for them. These transactions can include:

  • Changing banking information
  • Buying gift cards
  • Mailing checks.

Spoofing is easy to do and almost impossible to prevent. It can be as simple as placing a false return address on an envelope when you mail something through the U.S. Postal Service. In this example, the letter would appear to be sent from the spoofed return address printed on the envelope.

When someone spoofs an email address, the email account often remains secure. However, you may begin to see undeliverable messages and unusual emails in your inbox. This is because the hackers are routing messages to your email address.

Identify a Spoofed Email

Vigilance in identifying suspicious messages is the most effective protection against these types of attacks. A primary indicator of a spoofed message is when the known sending email address is different than the email address in the "reply to" field. This "reply to" address is most often a address created by the attacker. Visit to learn more about identifying characteristics of phishing and spoofing emails.

If you believe you have received a suspicious message or you experience any suspicious activity with your email account, contact the CTS Help Desk at 412.396.4357 or