
Email Impersonation

Understanding Email Impersonation and Spoofing 

Email-based cyberattacks are among the most common threats faced by organizations. These attacks are highly effective because they rely on social engineering and deception rather than technical exploits. Instead of hacking systems directly, attackers trick people into clicking malicious links or sharing sensitive information. 

The good news is that many of these attacks can be prevented through awareness, attention to detail, and verification. 

What Is Email Impersonation? 

Email impersonation occurs when an attacker pretends to be a trusted organization or individual—such as Microsoft, IT Support, or another staff member—to convince recipients to take a specific action. 

These emails often create a false sense of urgency, encouraging the recipient to act quickly without checking the message for legitimacy. Common goals include stealing login credentials, installing malware, or gaining access to internal systems. 

What Is Email Spoofing? 

Email spoofing is a technique cybercriminals use to make an email appear as though it came from a legitimate source. Attackers falsify sender information by subtly altering details such as: 

  • Email addresses 

  • Display names 

  • Website URLs 

  • Phone numbers 

Sometimes the change is extremely small—such as a single letter, number, or symbol—making it easy to overlook. Email spoofing is often combined with impersonation to make phishing messages appear even more convincing. 

Example of a Microsoft Impersonation Email 

In the example above, a phishing email was sent to a staff member while impersonating Microsoft. The email instructs the recipient to “update and retain current credentials” and claims that inactive accounts will be deactivated within 24 hours. 

This message is an example of internal spoofing. The sender information was altered to make the email appear as though it originated from the recipient’s own school email system. This tactic increases credibility, even though the message was sent from an external source. 

Warning Signs 

  • An urgent 24-hour deadline designed to make you act immediately

  • A request to verify or update account credentials

  • The sender appears internal but is not legitimate

  • A hyperlink to a non-Microsoft website (Retain Current Credentials)

  • The email is very generic
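
The checks below apply the warning signs listed above to a raw email message. This is an added example, not code from this page: the organisation domain `school.example`, the Microsoft domain list, the urgency keywords and the sample message are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

ORG_DOMAIN = "school.example"  # assumed: the recipient's own mail domain
MICROSOFT_DOMAINS = ("microsoft.com", "microsoftonline.com")  # assumed list
URGENCY = re.compile(r"\b(24 hours?|immediately|deactivated|suspend\w*)\b", re.I)
# Constructed sample message (not a real email) modelled on the warning signs above
SAMPLE = """From: "Microsoft 365 Support" <it-support@schoo1.example>
Subject: Action required: inactive accounts deactivated within 24 hours
Content-Type: text/html

<p>Please update and retain current credentials.</p>
<a href="http://login-portal.example.net/auth">Retain Current Credentials</a>
"""
def edit_distance(a, b):
    """Levenshtein distance; 1-2 edits away from our domain means a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def in_domains(host, domains):  # True only for the domain itself or a subdomain
    return any(host == d or host.endswith("." + d) for d in domains)

def warning_signs(raw):
    """Return the warning signs found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower()
    findings = []
    # Sender appears internal, but the domain only nearly matches ours (schoo1 vs school)
    if domain != ORG_DOMAIN and edit_distance(domain, ORG_DOMAIN) <= 2:
        findings.append(f"lookalike sender domain: {domain}")
    # Display name claims Microsoft while the address is not a Microsoft domain
    if "microsoft" in name.lower() and not in_domains(domain, MICROSOFT_DOMAINS):
        findings.append(f"display name claims Microsoft, address is {domain}")
    body = msg.get_payload()
    # A credential link whose target host is not Microsoft
    for href, text in re.findall(r'href="([^"]+)"[^>]*>(.*?)</a>', body, re.I | re.S):
        host = (urlparse(href).hostname or "").lower()
        if "credential" in text.lower() and not in_domains(host, MICROSOFT_DOMAINS):
            findings.append(f"credential link points to {host}")
    if URGENCY.search(msg.get("Subject", "") + "\n" + body):
        findings.append("urgent deadline language")
    return findings
```

An exactly forged internal address (same domain, no altered character) would pass the lookalike check; catching that case depends on the mail server's own sender authentication rather than on what the recipient can see.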


Why These Attacks Work 

Attackers rely on psychology—specifically urgency, fear, and trust—to manipulate recipients. Even with advanced protections such as Microsoft Defender, some malicious emails can still bypass technical filters and reach inboxes. 

Because of this, user awareness is a critical layer of defense. Technology alone cannot stop every attack. 

How to Stay Safe 

A few tips to help you avoid falling for these tricks:

  • Verify the sender’s email address

  • Avoid clicking links in unexpected messages

  • Be wary of emails that pressure you to act

  • Never share passwords or verification codes
