Attacks & Threats
Email Spoofing
Also known as: Sender spoofing, From-header spoofing
Definition
Forging email headers so a message appears to come from a trusted sender, typically to enable phishing, fraud, or malware delivery.
Examples
- An email with a forged From: ceo@company.com asking finance for an urgent wire transfer.
- A vendor look-alike domain (acme-corp.co instead of acme.com) sending fake invoices.
Related terms
Phishing
A social-engineering attack in which an attacker impersonates a trusted party to trick a victim into revealing credentials, transferring money, or running malware.
Business Email Compromise
A targeted fraud in which an attacker impersonates or takes over a corporate mailbox to trick an employee into wiring money, changing payment details, or sending sensitive data.
CEO Fraud
A subtype of business email compromise in which an attacker impersonates a senior executive to pressure an employee into performing an unauthorised wire transfer or sensitive action.
Spear Phishing
A targeted phishing attack tailored to a specific individual or organization using personal or professional details collected in advance.
Typosquatting
Registering domain names or package names that are misspellings or visual look-alikes of legitimate ones, to catch users or developers who make typing or recognition errors.
Invoice Fraud
A fraud in which attackers submit fake invoices, or alter genuine ones, so that payment is routed to attacker-controlled bank accounts.