Spoofing is a malicious practice employed by cyber scammers and hackers to deceive systems, individuals, and organizations into perceiving something to be what it is not. Communication is initiated by the spoofer to the victim or system from an unknown source but disguised to present itself as an authentic and safe sender. If you have ever received an email from a seemingly familiar source asking you to update your profile details because some funny system upgrade was necessary, then you have experienced spoofing.
A “spoofing attack” is a form of social engineering where an outsider attempts to impersonate some company (e.g., your email provider) or someone (e.g., your CFO) in order to get you to take some type of action, from clicking on a malware link to wiring money.
Phishing and spoofing are clearly different. One downloads malware to your computer or network, and the other tricks you into giving up sensitive financial information to a cyber crook. Phishing is a method of retrieval, while spoofing is a means of delivery.