Email remains one of the most common attack vectors for threat actors seeking access into an organization’s network infrastructure. One of the more stealthy tactics adversaries employ to fool users into clicking on malicious links or attachments is email spoofing, where an email or link appears to come from a legitimate source but has been modified to obfuscate malicious intent. Some common forms of email spoofing include business email compromise (BEC), legitimate domain spoofing, lookalike domain spoofing, and spear phishing. Display name deception involves an adversary obfuscating the sender email address and making it appear from a trusted individual or brand. The spoofing of legitimate domains allows threat actors to use the actual email address of an impersonated individual by exploiting public cloud infrastructure and third-party email services. Finally, spoofing using lookalike domains is where a domain is created to appear similar to a trusted domain with slight (often imperceptible) character modifications. Members are encouraged to discuss email/domain spoofing as part of ongoing security awareness training to increase user vigilance to this method. Read more about Email Spoofing at Agari.