Spoofing is a class of attack in which a malicious actor disguises their identity or the origin of a communication to gain unauthorised access, steal data or spread malware. Common forms include email spoofing (forging sender addresses), IP spoofing (falsifying source IP addresses), DNS spoofing (redirecting domain name lookups) and caller ID spoofing. These techniques are frequently used as a precursor to more targeted attacks such as phishing or man-in-the-middle interception.
Defending against spoofing requires a combination of technical controls and user awareness. Email authentication protocols such as SPF, DKIM and DMARC help verify sender legitimacy, whilst network-level controls like ingress filtering can detect forged IP packets. Regular security awareness training ensures that employees remain vigilant against social engineering attempts that leverage spoofed identities.