Spoofing and phishing are age old techniques used by hackers to gather and use information to infiltrate into a inderviduals digital life.
Hackers can create fake websites with links from emails leading to these websites created to look the same as the official site, asking for a person to sign in, this is known a spoof website, fishing for information, known a phishing.
When receiving an email from a company it is best to check the website after clicking on a link to it to see if it is secure, or to manually enter the website address. Any website with a unusual address tends to not be related to the official website.
With your sign in details being enter into the fake website, the creator of such a website can have your details sent directly to themselves redirected you to the official websites failed to sign in page or an already signed into account, if your login detailed are remembered on the official page.
This gives the illusion that you was on the official page to start with, the illusion of making a smaller error and reentering a password leading to what seems to be a proper sign in, or simply being redirected to a page your are already signed in on, make the spoof website seem like the official website.
Certain email spoofing software can be used to cover up the origins of the sender in the email. Covering this up can go towards being phished for information, where the email seems to come from an official origin, this can be untrue.
Receiving an unusual email from a location may not be where the emails we sent from, covering up the sender information with official information, the information in the contents of the email can be copied from an official email very easily if an official email from the same source is received by the person phishing for information.
If an email is recieved from a email address that can be replied to, like a personal email address, replying to this email will reply to the victim being spoofed, and not the hacker.
If the email address itself is slightly off by a single letter or symbol replying to the email will likely reply to the senders trying to contact using a spoofed account, a fake email address that does not connect to anyone can also be used, and replying to these emails will bounce back with a reply of the email failing to send.
With this information and caution of what website your on or paying attention to odd emails, a user can better protect themselves from account theft and cyber attacks on their digital life.