Most of us know spam when we see it, but seeing a strange email from a friend or, worse, from ourselves in our inbox is pretty disconcerting. If you’ve seen an email that looks like it’s from a friend, it doesn’t mean they’ve been hacked. Spammers spoof those addresses all the time, and it’s not hard to do.

Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Email spoofing is a tactic used in phishing and spam campaigns because people are more likely to open an email when they think it has been sent by a legitimate source. The goal of email spoofing is to get recipients to open, and possibly even respond to, a solicitation.

Spammers have been spoofing email addresses for a long time. Years ago, they used to get contact lists from malware-infected PCs. Today’s data thieves choose their targets carefully, and phish them with messages that look like they came from friends, trustworthy sources, or even their own account.

Spoofed email is simply email that has someone else’s address in the ‘From’ field or is made to look like it’s coming from someone else. Spammers can get email addresses for spoofing in a variety of ways – hacking someone else’s account and stealing their contact list, buying mailing lists from companies, etc. But they don’t have to actually get into your email account/PC to get your address.
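To make the two cases above concrete (someone else's address in the 'From' field, or a message made to look like it comes from someone else), here is an added example, not part of the original article, that flags both in a received message. It assumes the receiving server has stamped `Return-Path` and `Authentication-Results` headers on the message; the sample messages and the indicator names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def domain(addr):
    """Lower-cased domain part of an address ('' if there is none)."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoof_indicators(raw):
    """Return the reasons a message's visible sender looks forged."""
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, envelope = parseaddr(msg.get("Return-Path", ""))
    reasons = []
    # The From header is free text chosen by the sender; Return-Path records
    # the envelope sender. A mismatch is an indicator, not proof, because
    # mailing lists and bulk-mail services legitimately differ here too.
    if envelope and domain(envelope) != domain(from_addr):
        reasons.append("from-envelope-mismatch")
    # "Made to look like": the display name shows an address that is not
    # the real address behind it.
    shown = re.search(r"[\w.+-]+@[\w.-]+", display)
    if shown and shown.group(0).lower() != from_addr.lower():
        reasons.append("display-name-address")
    # Verdict recorded by the receiving server (assumed present and trusted).
    auth = msg.get("Authentication-Results", "")
    if re.search(r"\bdmarc=fail\b", auth, re.I):
        reasons.append("dmarc-fail")
    return reasons

# Constructed sample messages (not real mail).
FORGED_FROM = ("Return-Path: <bounce@bulk-mailer.invalid>\n"
               "Authentication-Results: mx.example.net; dmarc=fail header.from=example.com\n"
               "From: Alice <alice@example.com>\n\nhi\n")
FORGED_NAME = ("Return-Path: <promo@bulk-mailer.invalid>\n"
               'From: "alice@example.com" <promo@bulk-mailer.invalid>\n\nhi\n')
LEGIT = ("Return-Path: <alice@example.com>\n"
         "Authentication-Results: mx.example.net; dmarc=pass header.from=example.com\n"
         "From: Alice <alice@example.com>\n\nhi\n")

if __name__ == "__main__":
    for name, raw in [("forged From", FORGED_FROM),
                      ("forged name", FORGED_NAME), ("legit", LEGIT)]:
        print(f"{name}: {spoof_indicators(raw) or 'no indicators'}")
```

In a mail client, the same headers can be inspected by hand through the "view source" or "show original" option.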

Spoofing real email addresses is surprisingly easy, and that is part of why phishing is such a worldwide problem.