Spoofing

Network Attacks 🎯 • Threats ⚠️ • Sec+ Glossary 📖 • Security+ 02 • Difficulty: premium

What is Spoofing?

Spoofing is the act of falsifying identity or source information so that a message, device, system, or communication appears to come from a trusted or different origin than it really does.

Examples

An attacker sends an email that appears to come from a company's finance director in order to trick staff into acting on a fraudulent request.
A malicious system on a local network pretends to be the legitimate gateway so nearby devices send traffic through it.

Discover 🔎

Trust in technology often begins with identity. A user trusts the sender name on an email, a system trusts the source of a packet, and a device trusts that the service responding on the network is the one it expected. Spoofing attacks target that trust directly.

Instead of breaking a control by force, the attacker makes something false appear genuine. If that deception succeeds, users or systems may accept instructions, connections, or messages they should have rejected. That is why spoofing matters across so many areas of security. It is not tied to one protocol or one tool. It is a broader method of deception that can appear in email, networks, telephony, websites, GPS, and many other contexts.

Remember: Spoofing is about false identity. The attacker wants the target to believe the communication or source is something it is not.

Summary 📝

Spoofing is the falsification of identity information so that communication or systems appear to come from a trusted source when they do not. It is widely used because many attacks become easier once the victim or system accepts a false identity as genuine. Strong defense comes from technical verification, careful handling of trust signals, and the habit of confirming unusual or high-impact requests through reliable channels.

Open the interactive lesson Browse more topics

Tip: The interactive version includes progress tracking, decks, and premium deep dives.