Email spoofing is when the sender address of an email is forged for the purposes of a social engineering.

Spoofing can be put to a number of malicious uses.

Phishers (criminals who trick users into revealing confidential information) use spoofed sender addresses to make it appear that their email comes from a trusted source, such as your bank. The email can redirect you to a bogus website (e.g., an imitation of an online banking site), where your account details and password can be stolen.

Phishers can also send email that appears to come from inside your own organisation (e.g., from a system administrator), asking you to change your password or confirm your details.

Criminals who use email for scams or frauds can use spoofed addresses to cover their tracks and avoid detection.

Spammers can use a spoofed sender address to make it appear that an innocent individual or company is sending out spam. Another advantage for them is that they are not inundated with no-delivery messages to their own email address.