TL;DR: Spoofing attacks now exploit remote work, automation, and AI to impersonate trusted sources, drive BEC, DNS redirection, and identity fraud, and bypass traditional filters, according to GlobalSign. The real issue is not just message hygiene but trust assurance across email, DNS, accounts, and human decision points.
NHIMG editorial — based on content published by GlobalSign: Spoofing deserves your attention now more than ever
By the numbers:
- 17 minutes and as quickly as 9 minutes, cly, attackers attempt access within an average of 17 minutes and as quickly as 9 minutes in some cases.
Questions worth separating out
Q: What fails when spoofing controls are treated as an email-only problem?
A: Email-only controls miss the wider trust path that spoofing exploits.
Q: Why does spoofing create such a large risk in remote and automated environments?
A: Remote work increases the number of requests handled outside direct human verification, while automation and AI increase the speed and realism of impersonation.
Q: What do security teams get wrong about biometric spoofing?
A: They often treat biometric matching as proof of presence.
Practitioner guidance
- Implement domain authentication enforcement Require SPF, DKIM, and DMARC alignment for all externally facing domains, and move policy from monitoring to reject where operationally feasible.
- Harden identity verification for high-risk requests Add out-of-band verification for payments, credential resets, and executive instructions, especially when a request arrives through email, voice, or messaging.
- Treat DNS integrity as a trust control Use DNSSEC where supported, monitor for record drift, and restrict who can change name server and zone records.
What's in the full article
GlobalSign's full blog covers the operational detail this post intentionally leaves for the source:
- Exact SPF, DKIM, and DMARC considerations for reducing mail spoofing exposure in production domains
- Practical guidance on DNSSEC, BIMI, and code signing controls that strengthen authenticity signals
- Examples of spoofing-specific incident response steps for finance, support, and executive-request workflows
- Behavioural analysis and monitoring techniques used to detect spoofing attempts in real time
👉 Read GlobalSign's analysis of spoofing risks, controls, and business impact →
Spoofing, email authenticity, and the governance gap teams miss?
Explore further
Spoofing is now a trust orchestration problem, not an email hygiene problem. The article treats spoofing as a multi-channel impersonation issue that crosses email, DNS, voice, and branded web presence. That broader framing is correct, because attackers succeed when organisations fail to coordinate technical authenticity checks with human decision controls. IAM and identity verification teams should treat spoofing as a governance layer that sits above individual channels, not as a single control family.
A question worth separating out:
Q: How should organisations reduce the business impact of spoofing incidents?
A: They should combine technical authentication, strict approval paths, and rehearsed incident response for likely fraud scenarios. That means protecting domains, validating request origins, separating duties for sensitive actions, and making sure staff know when to stop a transaction. The goal is to stop trust from turning into unauthorised action.
👉 Read our full editorial: Spoofing is evolving into a trust and identity problem