For example, a spoof email could seem to be from a well-known shopping website and ask the receiver for personal information like a password or credit card number. A faked email may also include a link that, if opened, instals malware on the user's device.
Cybercriminals can readily obtain exposed email addresses via compromised mailing lists, public message boards, and even company websites. When the identifying fields of an email message are changed to make it appear as if it came from someone other than the true sender, this is known as email spoofing.
Spam and phishing attempts use email spoofing to fool people into thinking a message came from someone or something they know or can trust. The sender forges email headers in spoofing attacks so that client software shows the false sender address, which most users believe at face value.
Cyber Forensics Masterclass with Hands on learning