Covers email spoofing techniques where attackers forge sender addresses to impersonate trusted contacts. Learn how spoofed emails bypass basic filters, the role of SPF, DKIM, and DMARC in detection, and practical steps to protect your domain from spoofing abuse.
posts
In 2019, a Lithuanian national named Evaldas Rimasauskas pleaded guilty to stealing over $100 million from Google and Facebook using nothing more than a series of fake email messages. He impersonated a legitimate hardware vendor, sent invoices from a lookalike domain, and two of the most technologically sophisticated companies on
In 2023, the FBI's Internet Crime Complaint Center reported that business email compromise — the category that includes fakeemail schemes — caused over $2.9 billion in adjusted losses across roughly 21,489 complaints. That made it the single most financially damaging cybercrime category in the IC3's annual
The CEO Email That Wasn't From the CEO In early 2025, a mid-sized logistics company wired $3.1 million to a bank account in Hong Kong. The CFO had received an email — apparently from the CEO — requesting an urgent wire transfer for a confidential acquisition. The email address
In March 2025, a mid-size accounting firm in Ohio wired $1.2 million to a threat actor who sent a single spoofed email — a fakeemail that perfectly mimicked the CEO's display name, writing style, and even included a forwarded thread from a real conversation. The email passed every
In January 2024, the FBI's Internet Crime Complaint Center reported that business email compromise — much of it powered by spoofed sender addresses — cost American organizations over $2.9 billion in 2023 alone. Behind a huge share of those losses sits a deceptively simple tool: the fake mailer. These
That Email From Your CEO? It Was a FakeEmail. In January 2024, a finance employee at a multinational firm in Hong Kong wired $25 million after attending a video call with what appeared to be the company's CFO and several colleagues. Every person on that call was a
In January 2024, a finance director at a mid-sized logistics company wired $740,000 to a bank account in Hong Kong. The email requesting the transfer appeared to come from the CEO's exact email address — correct display name, correct domain, correct signature block. It wasn't the
A Single Spoof Email Cost This Company $121 Million In 2019, Toyota Boshoku Corporation disclosed that a subsidiary lost $37 million after an attacker used a spoofed email to impersonate a senior executive and authorize a fraudulent wire transfer. That wasn't an isolated case. Business email compromise (BEC)
The FakeEmail Problem Is Bigger Than You Think In March 2022, the FBI's Internet Crime Complaint Center reported that business email compromise — the category that covers most fakeemail schemes — accounted for $2.4 billion in adjusted losses in 2021 alone. That made it the single most financially damaging
In July 2020, a seventeen-year-old in Florida used phone-based spoofing and social engineering to compromise internal Twitter tools, hijacking the verified accounts of Barack Obama, Elon Musk, Jeff Bezos, and Apple. The attackers impersonated IT staff during phone calls to Twitter employees, spoofing caller IDs to appear legitimate. Within hours,
