Domain Spoofing: Are You Safe?

Can you be spoofed?

What the heck is email spoofing?

One of the most convincing ways to trick you into clicking an email link or opening an attachment is to make it look like it came from your own organisation. That is called domain spoofing, and is a popular and successful approach (“attack vector” to use techie talk) taken by hackers.

Essentially, the hackers send you a phishing email from an address that uses your own domain, to make it look legitimate.

This is an especially powerful approach when the email appears to come from someone in authority within your organisation, like your boss, or even your CEO. This type of attack is called Spear Phishing, or CEO Fraud.

Unless your users are highly trained in security awareness, this type of attack is very hard to defend against.

Common Hacker Attack Process

Reconnaissance Phase

A cybercriminal will search commonly available breach data from places like the dark web or Pastebin for your organisation’s email addresses.

They will then gather the publicly available email addresses of your colleagues from places like LinkedIn and even your own web site.

They may use Social Engineering to obtain information from you, your colleagues, or even your friends to make the phishing emails even more genuine.

Attack Phase

Once the relevant information is gathered the phishing attack can start.

For example, they will send emails that appear to come from your Board, Managers, HR or Finance. Because the emails appear to come from a credible source, your colleagues are more likely to click links and open attachments.

This is a very common and successful attack vector for hackers, leaving you wide open to fraud, malware and data breaches.

Would you like to know if your domain can be spoofed so you can address any mail server or DNS configuration issues?

Use our free test to find out if your domain is at risk.

Start your Free Domain Spoof Test


How the Free Test Works

Enter your details

You must use your organisation email address, and not a free account such as Gmail. This service is only to be used by the person in the organisation responsible for email security.

We try to spoof you

We create a simple, non-malicious email using your own domain, and send it to the address you entered.

Check your inbox

If the email arrives in your Inbox, then your domain can easily be spoofed. If it lands in your Junk/Spam folder, then you are most likely safe. You may also receive a non-delivery report if you have measures in place to protect against domain spoofing.
