Domain Spoofing Test
Domain Spoof Test
Check to see how easy it is for someone to spoof your website domain with our free domain and email spoofing test - can you be spoofed?
What is domain spoofing?
Domain spoofing is a type of phishing attack where a cybercriminal impersonates a legitimate organisation or person to trick their target into trusting them. The user is then more likely to click on a malicious link or attachment, or reveal sensitive information – like credit card details or login credentials.
The three main types of domain spoofing are:
- Email spoofing
- Website or URL spoofing
- DNS spoofing
Use our free email spoof test below to discover if your domain is at risk of spoofing.
How our free domain spoofing test works
Enter your details
Fill out the form, you must use your organisation email address, and not a free account such as Gmail. This service is only to be used by the person in the organisation responsible for email security
We try to spoof you
We create a non-malicious simple email using your own domain, and send this to the address you entered.
Check your inbox
If the email arrives in your Inbox, then your domain can easily be spoofed. If it lands in your Junk/Spam folders then you are most likely safe. You may also receive a non-delivery report if you have measures in place to protect against domain spoofing.
Start your Free Domain Spoof Test
What is email spoofing?
Email spoofing is a form of domain spoofing. It’s a very popular (and very successful) phishing tactic, where hackers trick their target into believing the email is from a person they know or can trust. They do this by using a fake email address with a believable organisation domain.
Often, the message looks like it was sent from within the target’s own organisation – making it seem legitimate and trustworthy. And unless your users are highly trained in security awareness, it can be very hard to defend against.
Email spoofing is an especially powerful – and dangerous – phishing tactic when the hacker masquerades as someone of authority, like a manager or company CEO. This is also known as spear phishing or Business Email Compromise (BEC), and a successful breach of this kind can cause catastrophic damage to your business.
How to stop domain and email spoofing?
It’s very hard to stop domain spoofing completely, but there are ways to help protect your organisation and defend against the devastating effect of this kind of phishing attack.
1. Protect your domain
Ensure your domain has advanced threat-protocols implemented to help limit the risks of email spoofing. The following three tools are free and available to everyone:
- SPF (Sender Policy Framework)
- DKIM (DomainKeys Identified Mail)
- DMARC (Domain-based Message Authentication Reporting & Conformance)
2. Train your users
Your staff are your first and strongest line of cyber defence. Regular safety awareness training and Click-Prone® testing will teach them how to recognise domain spoofing and other phishing tactics, helping them to protect your network, customers, and business.
Common Hacker Attack Process
Reconnaissance Phase
A crybercriminal will search commonly available breach data from places like the dark web or Pastebin for your organisation’s email addresses.
They will then gather the publicly available email addresses of your colleagues from places like LinkedIn and even your own web site.
They may use Social Engineering to obtain information from you, your colleagues, or even your friends to make the phishing emails even more genuine.
Attack Phase
Once the relevant information is gathered the phishing attack can start.
For example, they will send emails from your Board, Managers, HR or Finance and because they appear to come from an apparently credible source, your colleagues are more likely to click links and open attachments.
This is a very common and successful attack vector for hackers leaving you wide open to fraud, malware and data breaches.
Would you like to know if your domain can be spoofed so you can address any mail server or DNS configuration issues?
Use our free email spoof test to find out if your domain is at risk.