Glossary / Fraud & scams
Email Spoofing
Email spoofing is the forging of an email's sender details so a message appears to come from a trusted person or company, and is commonly used to make payment fraud look legitimate.
What is email spoofing?
Email spoofing forges the sender information on a message so it appears to come from someone you trust. The simplest form is display-name spoofing, where the visible name reads “Jane Smith, CFO” while the real address underneath is a stranger’s. More advanced spoofing forges the sending domain itself so the address looks genuine at a glance. In finance, it is the dressing that makes fraud look ordinary: a spoofed email from a known supplier attaches a real-looking invoice with a new bank account, or a spoofed message from an executive asks for an urgent transfer. On a phone screen, where only the display name shows, it is especially easy to miss.
Why it matters for Australian finance teams
Spoofing is a core building block of business email compromise and payment redirection fraud, which the ACCC’s Scamwatch tracks as major sources of business losses in Australia. It works because staff reasonably treat a familiar sender as proof of authenticity. Controls like SPF, DKIM, and DMARC reduce domain spoofing, but display-name tricks and lookalike domains still slip through, and busy accounts payable teams cannot inspect email headers on every message. The risk is that a forged “from” line quietly authorises a payment to the wrong account.
How ezyshield helps
ezyshield treats the sender as unproven and verifies what actually matters: whether the person or business owns the account you are about to pay. It confirms bank account ownership before money moves and re-verifies on any change, so a spoofed request to redirect funds does not translate into a payout. It is not an email-authentication tool and does not replace SPF, DKIM, or DMARC. See how it works and how we stop payment redirection fraud.
Also known as: spoofed email, display name spoofing
Last updated: 7 July 2026
Related terms
- Phishing Phishing is a scam where fraudulent emails, texts, or websites pose as a trusted organisation to trick people into revealing passwords, financial details, or approving payments.
- Business Email Compromise (BEC) Business email compromise (BEC) is a scam in which an attacker hacks or impersonates a company email account to trick staff into transferring money or changing payment details.
- Payment Redirection Fraud Payment redirection fraud is a scam where criminals trick a business into sending money to a bank account they control, usually by posing as a supplier and changing the payment details on an invoice.
See also: Business email compromise , Payment redirection fraud , Accounts payable fraud prevention
Stop payment fraud before money moves
Verify the person, business, and bank account before any payment leaves your account.