Email spoofing guide

Understand and reduce email spoofing risk.

When you are ready, use the free cyber security check to review your own domain.

What this page is for

Use this guide to understand the risk first. Use the free cyber security check when you want a practical view of your own domain and email posture.

Business impacts of spoofing

  • Fraudulent payment transfers: Attackers impersonate trusted contacts to redirect money.
  • Invoice redirection scams: Spoofed communications can alter billing details and payment destinations.
  • Exposure of sensitive information: Staff may reply with credentials, customer data, or internal documents.
  • Operational disruption: Teams lose time verifying messages and responding to confusion.
  • Reputational damage: Customers may question whether communications from your brand are trustworthy.
  • Loss of customer trust: Trust can be hard to rebuild after spoofed email reaches your contacts.

Warning signs

  • Urgent payment change requests: Unexpected pressure around bank details or invoice handling.
  • Unusual wording or grammar: Messages that feel off compared with the sender's normal style.
  • Slightly altered domain names: Lookalike domains are a common way to create false trust.
  • Pressure to act immediately: Attackers often force urgency so normal checks are skipped.
  • Requests for confidential information: Sensitive requests should always be verified through another channel.
  • Unexpected links or attachments: Treat unplanned documents, downloads, and log-in links with caution.

Controls that help reduce risk

  • SPF, DKIM and DMARC protection: Core email authentication controls that help receiving systems evaluate trust.
  • Anti-phishing monitoring: Ongoing visibility helps teams spot new exposure before it becomes routine.
  • Secure email gateway: A gateway can add screening and policy enforcement around risky messages.
  • Employee awareness training: People need clear examples and simple escalation habits.
  • MFA: Multi-factor authentication reduces damage from credential theft.

Ready to review your own domain?

The free cyber security check includes SPF, DKIM, and DMARC posture alongside broader domain and web exposure signals.