Email spoofing is the act of misleading an email recipient about the origin of that email - it may look like it's coming from a familiar sender or domain, but it's actually coming from somewhere else. The two most common email spoofing techniques are:

• Changing the From: name in an email to trick the recipient into thinking the email comes from someone other than who really sent it.
• Sending emails from a domain that looks similar to a legitimate sender's domain.

For instance, you might get an email that looks like it's from "John Smith (j.smith@coolexample.com)", but the header From line actually says "j.smith@coolexarnple.com".

How to spot email spoofing and what to do about it

Spoof emails often:

• ask you to follow a link and/or respond with sensitive information
• make things seem like an emergency or a time sensitive situation

If you suspect email spoofing, immediately read the email's header to confirm what domain sent the email. Look for From:, X-Sender: or Reply-to: in the header for the best information.

If you receive an email that you think is spoofed or fake, reach out to the sender by another means. Don't reply to the suspicious email sent to you. Instead, contact the sender at a pre-existing contact point you already have, like a known good phone number or email address.