Spoofing is an English word that means – “being something or someone and projecting as something or someone else”. An unsuspecting customer from State Bank of India gets an email from the official id of the bank and it is addressed to him by name and even his account number is mentioned in the mail. The customer feels that the mail is genuine as it fulfills all the requirements of one. It asks the customer to go to his account and say – “cancel a transaction that he may not have done”. The customer has been also provided a link in the mail to direst him to his account. He clicks the link goes to the site fills in his account details and password and cancels the transaction. He has fallen prey one of the most common cyber crimes – “spoofing”! This is mail spoofing and this is very easily done – using all the technological inputs and support that is available to a cyber criminal in the digital world. This usually starts with a fake mail – that is a mail sent by one individual but displaying the name and email address of any other user or individual. There are a host of such sites offering fake mail services – emkei.cz; fakemailgenerator.com; emailfake. com; deadfake.com; mailinator.com; guerrillamail.com etc. Most of these are free of cost too! Some email service providers have developed various filters to detect such mails and warn the user or send such mails directly to the spam mail folder. But some email providers have not and even in those that have provided some fake mails slip through. The other requirement for the criminal is that he requires the email id, name and account information or other relevant information to ensure that the attack looks real to the victim. This information is gathered through hacking. The mail is then sent with some emergency situation (card will be blocked, transaction is being attempted from account and needs to be blocked etc) or a temptation as the topic. The time given to react is also very small – this is to ensure that the victim does not have enough time to think or even to ask. In each circumstance the victim stops thinking rationally and gets swayed either by fear (of the emergency portrayed) or greed (of the temptation given) and the time given to react is also so little that the victim is automatically propelled into the next stage in this offence, which is sending the victim to a fake site to elicit personal information from him. In these spoofed mails generally a link is displayed, so that the victim can press this and directly reach the site where the criminal wants to send him. Actually it is possible by the process of hyper linking to display a particular link address and when the victim presses that he goes to another site, one which is a fake site but is designed to look exactly like the site that the victim thinks he is going to. Example is that the link displayed in the fake mail is www.sbionline.com but when the victim presses that he will go to a fake site named www.sbiionline.com. The criminals keep similar looking names because once the victim is directed to the fake site and if he happens to look at the Uniform Site Locator (URL) on the top of the webpage he will look at a very similar looking URL and once gain get tricked into believing that he has gone to the right website. Then he will feed his personal information (account number, user name, PIN number, password etc) into this fake site and exit. He will feel that he has averted the emergency or achieved some gain – but in reality he has passed on all his personal information to the criminal and that he will use to financially harm him or damage him in some other manner. This is the cyber offence of email spoofing and how it works. The best way to prevent damage from such offences is that the citizens always harbor suspicion in case of emails from unknown sources. Even such mails that come from known sources have to be doubted if they are presenting an emergency or temptation to the user and the time for reaction is very limited. Most important method of protection against such a crime is that the citizens make it a habit to never press the links provided in the emails to go to any particular site. They must open a fresh browser page and type out the entire link address by hand and press enter then they will go to the real site and not a fake one, as the criminals desires. This habit the citizens, young and old, should develop for all links provided in all mails – genuine or fake. That way they will never fall victim to this cyber crime called mail spoofing.