3 Email Fraud Tactics All Marketers Need to Know

The email fraud landscape is a constantly evolving one. Cybercriminals are always coming up with new and sophisticated ways to leverage email to do harm.

Combating threats like these isn’t just your security team’s job. As owners of the email channel, marketers have a responsibility to help protect it.

Fraud can ruin email marketing effectiveness, jeopardizing brand trust and, ultimately, revenue. Customers are 42% less likely to interact with a brand after being phished or spoofed.

The first step to beating the cybercriminals is to understand how they operate. Here are three email fraud tactics all marketers need to know.

1. Spam

Spam is unsolicited email sent in bulk, usually from someone trying to sell something. Spam may (or may not) contain phishing links that trick users into giving up confidential information, or malware sites that download malicious software on a user’s computer.

Spammers harvest valid email addresses in a number of ways, including:

  • Purchasing or trading lists with other spammers.
  • Using special software which crawls web pages, mailing list archives, internet forums, and other public online sources containing email addresses.
  • Launching a “dictionary harvest attack,” or an attack where valid email addresses at a specific domain are found by guessing, using common usernames in email addresses at that domain.
  • Soliciting a valid email address with the promise of a free service or offering.

2. Spoofing

Spoofing is the forgery of an email so that the message appears to have come from someone or somewhere other than the actual source. Spoofing can take place in a number of ways. Common to all of them is that the actual sender’s name and the origin of the message are concealed or masked from the recipient.

Many, if not most, instances of email fraud use at least minimal spoofing, since criminals are trying to avoid being traced.

Major spoofing methods include:

  • Direct domain spoofing, which mimics the precise sending domain of the brand (e.g., [email protected]).
  • Cousin domain threats, which are messages that spoof the brand name but are sent from domains not owned or controlled by that brand. (These domains may resemble the brand’s domain name—e.g., [email protected]—or may not.)
  • Display name spoofing, which mimics the name that comes before the “from” address in the header field of the email (e.g., Return Path <[email protected]>).
  • Subject line spoofing, which mimics the brand in the subject line (independent of the domain or display name) in order to get the recipient to open the malicious message.

The tools necessary to spoof email addresses are surprisingly easy to get. All you need is a working SMTP (Simple Mail Transfer Protocol), a server that can send email, and the right mailing software.

3. Phishing

Phishing is a type of spam that is intended to trick email recipients into giving up sensitive information or credentials for malicious reasons. This information could include social security numbers, bank login details, credit card numbers, and other personally identifiable information (PII).

To conduct phishing attacks, cyber criminals will spoof, or masquerade as a legitimate government agency, bank, retailer or other brand the recipient might recognize. Here’s a glimpse into how they pull it off:



Phishers will either profit directly from data like credit cards and/or the sell data on the black market to other phishers who are developing their own cybercrime schemes.

Ready to protect your customers and your brand? Believe it or not, there’s a lot marketing can do to help fight threats like these. Get The Marketer’s Guide to Email Fraud to learn more.

minute read

Popular stories



BriteVerify email verification ensures that an email address actually exists in real-time


The #1 global data quality tool used by thousands of Salesforce admins


Insights and deliverability guidance from the only all-in-one email marketing solution

GridBuddy Cloud

Transform how you interact with your data through the versatility of grids.

Return Path

World-class deliverability applications to optimize email marketing programs

Trust Assessments

A revolutionary new solution for assessing Salesforce data quality


Validity for Email

Increase inbox placement and maximize subscriber reach with clean and actionable data

Validity for Data Management

Simplify data management with solutions that improve data quality and increase CRM adoption

Validity for Sales Productivity

Give your sales team back hours per day with tools designed to increase productivity and mitigate pipeline risks in real-time