Domain spoofing: What is it and how does it work?

November 11, 2020

According to, spoofing is “a fraudulent or malicious practice in which communication is sent from an unknown source disguised as a source known to the receiver.” On the internet, three things are the most commonly spoofed: emails, IP addresses, and domains.

Spoofing TypeDescription
Email spoofingA fraudster sends an email that looks and reads like it came from a familiar party, such as a colleague, a government agency, or a bank
IP address spoofingA cybercriminal creates a fake Internet Protocol (IP) address to impersonate that of a legitimate computer system or system component. In a distributed denial-of-service attack, hackers can falsify the IP addresses of countless internet-connected devices so that:


  1. Perpetrators will be hard to trace.
  2. Victims can’t notify device owners who are unwittingly participating in the attack.
  3. IP blockers that utilize blacklists won’t work.
Domain spoofingA phisher registers and uses a domain name that is very similar to that of a legitimate entity to impersonate that entity or one of its members. They can use spoofed domains to send fraudulent emails and send people to fake websites that look like exact copies of real websites.


Spoofed domains are also used to commit ad fraud. Crooks can submit their spoofed domains in ad exchanges so that advertisers will bid for ad spaces on their fake sites instead of on real ones.

In this post, let’s take a closer look at domain spoofing.

Domain spoofing enables email spoofing

One of the ways email filters weed out malicious emails from legitimate ones is by examining their metadata, particularly their headers. For example, if an email’s sender domain does not match its originating domain, that’s a clear sign of fraudulent activity.

However, domain spoofers get around this security barrier by forging the originating domain to match the sender domain they used.

Fake websites are built on spoofed domains

Certain alphanumeric characters look very similar to one another, especially in sans serif fonts. This allows domain spoofers to trick us with imperceptibly altered letters. For example, “PayPal” and “PayPaI” look the same, but the second one uses a capital “i” at the end.

Additionally, our minds tend to autocorrect text when context informs us of what is actually intended by the writer. To illustrate, we’ll read “fiend” as “friend” if the context of what we’re reading makes it seem that “friend” is what was meant. This means that we can also misread URLs based on our expectations. For instance, in an email, we’ll misread “” as “,” especially if the email contains graphical elements and verbiage that make it seem like it came from Cloudflare.

Our misreading of links provided in spoofed emails makes us think that it is safe to click on them. When we do, we’re brought to a spoofed website that looks like the real thing. There, a fake login page can capture our access credentials, or the website may automatically download malware such as spyware or ransomware onto our devices.

On a related note, online advertisers are also fooled by spoofed domains. Instead of placing their ads on premium web publishers, they end up wasting their money on lower-quality websites. Ad fraud especially hurts publishers. First, they lose ad revenue that they would have legitimately earned to spoofed websites. Second, they also lose potential ad revenue since advertisers will tend to stay away from them to avoid being burnt twice.

Domain spoofers are crafty and can easily switch between fake domains to avoid detection. However, since the primary way to disseminate malicious links is via phishing emails, you would do well to augment your email defenses with Graphus’ anti-phishing software. If fraudsters think they’re smart, wait till they meet our AI. See it in action for yourself by signing up for a FREE demo today!

Stay safe from even the most sophisticated cyberattacks and social engineering scams

Put the powerful TrustGraph® AI of Graphus to work for your business, and in minutes you’ll get a powerful, easy-to-use, and customizable EmployeeShield® against phishing attacks.
Get a Demo of Graphus