What is the technique called when an attacker creates a fake email to resemble a legitimate source?

The technique referred to in this context is commonly known as a CEO scam, which involves an attacker impersonating a high-ranking official, such as a CEO, to deceive employees into providing sensitive information or transferring funds. In these scams, attackers create fake emails that closely resemble legitimate communications from the targeted individual or organization. This tactic plays on the trust and authority associated with high-level executives, making the messages seem credible.

The effectiveness of CEO scams relies heavily on the attacker’s ability to craft emails that mimic the style and appearance of legitimate correspondence, often using similar email addresses or domain names. Recipients, believing the request is genuine, are more likely to comply with potentially harmful directives.

Other options such as a watering hole attack involve compromising a legitimate site frequented by the target audience to deliver malware, and spimming refers to spam through instant messaging services, which do not directly relate to the creation of fake emails modeled after genuine sources. Identity theft, while it involves impersonation and fraud, is a broader term that encompasses various methods for unlawfully obtaining personal information rather than specifically highlighting the email impersonation tactics used in CEO scams.