InfraHub
Security
Privacy Advocate

Email Spoofing Explained for Non-Technical Users

A simple guide to identifying fake emails and protecting yourself from look-alike domain attacks.

Email Spoofing Explained: How Not to Get Fooled

You don't need to be a computer scientist to spot a fake email. Understanding a few simple tricks used by scammers can keep your personal data safe.

1. The "From" vs "Reply-To" Trick

An email might look like it's from support@apple.com. However, if you click "Reply," the address might change to scammer123@gmail.com. Scammers do this because they can easily fake the address shown in the "From" line, but they need your reply to reach a mailbox they control.

2. Look-Alike Domains (Typosquatting)

Keep a close eye on the spelling. Attackers buy domains that look almost identical to real ones:

  • paypaI.com (with a capital 'i' instead of an 'l')
  • googIe.com
  • faceboook.com

3. Display Name Spoofing

On mobile devices, many email apps only show the "Display Name" (e.g., "John Smith") rather than the full email address. Scammers set their name to someone you trust, hoping you won't tap the name to see the actual underlying email.
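For readers who want to see the three checks above done by a program, here is an added example (not part of the original post and not InfraHub's analyzer) that inspects an email's headers for each trick. The trusted-domain list, the known-contact entry, the look-alike character table and the sample messages are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: domains and contacts the reader really deals with.
TRUSTED = {"apple.com", "paypal.com", "google.com", "facebook.com"}
KNOWN_CONTACTS = {"john smith": "john.smith@example.com"}
# Characters often swapped for a similar-looking one (constructed, not exhaustive).
CONFUSABLE = str.maketrans({"I": "l", "1": "l", "0": "o"})

def skeleton(domain):
    """Fold look-alike characters, lowercase, and collapse repeated letters."""
    folded = domain.translate(CONFUSABLE).lower()
    out = []
    for ch in folded:
        if not out or out[-1] != ch:
            out.append(ch)
    return "".join(out)

SKELETONS = {skeleton(d): d for d in TRUSTED}

def lookalike_of(domain):
    """Return the trusted domain this one imitates, or None."""
    if domain.lower() in TRUSTED:
        return None  # exact match is the real thing
    return SKELETONS.get(skeleton(domain))

def check_email(raw):
    """Return a list of warning labels for one raw message."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1]
    from_dom = from_addr.rpartition("@")[2]  # case kept so a capital 'I' survives
    reply_dom = reply_addr.rpartition("@")[2]
    findings = []
    if reply_dom and reply_dom.lower() != from_dom.lower():
        findings.append("reply-to-mismatch")      # trick 1
    if lookalike_of(from_dom):
        findings.append("lookalike-domain")       # trick 2
    known = KNOWN_CONTACTS.get(name.strip().lower())
    if known and from_addr.lower() != known:
        findings.append("display-name-mismatch")  # trick 3
    return findings

# Constructed sample messages, one per trick.
SAMPLE_REPLY_TO = "From: Apple Support <support@apple.com>\nReply-To: scammer123@gmail.com\n\nHi"
SAMPLE_LOOKALIKE = "From: PayPal Service <service@paypaI.com>\n\nHi"
SAMPLE_DISPLAY = "From: John Smith <js.office@mail.example>\n\nHi"

if __name__ == "__main__":
    for sample in (SAMPLE_REPLY_TO, SAMPLE_LOOKALIKE, SAMPLE_DISPLAY):
        print(check_email(sample))
```

An empty result only means none of these three patterns matched; it does not prove the email is genuine.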

Stay Safe

Remember: No legitimate company will ever ask for your password via email. If an email feels urgent or suspicious, it probably is.

If you're unsure about a domain, you can check its security status with our Email Spoofing Analyzer. It will tell you if the company has proper "locks" on their email domain to prevent these types of fakes.
