Most people know not to open email attachments from senders that they do not know. Unfortunately, it is not just attachments from strangers that you have to be on the lookout for. It happens quite often that people will get emails that seem to be from known senders that have malicious attachments, or that ask for confidential information. If you get such an email—or if someone gets such an email that appears to be from you but that you did not send—does that mean that your email has been hacked? Not necessarily.
Hacking and spoofing are two methods that bad actors use to manipulate individuals and businesses into doing things that are against their best interests. Hacking and spoofing can appear to be the same at first glance but are actually quite different. The risks of hacking, especially for businesses, are much greater than those posed by spoofing. Neither is desirable, but you want to know the differences between the two so that you and your employees can identify potential compromises to your email accounts.
Hacking vs Spoofing—What You Need to Know
What does it mean when your email account has been hacked?
A hacked email account is something you should be very concerned with. Being hacked means that a bad actor has managed to gain full access to your email account—which could mean that they have access to more than just your email account. There are a variety of ways to hack an email account, including:

Guessing your email password (seems unlikely, but you would be surprised how simple many email passwords are, such as birthdays, anniversary dates, and other information easily obtained on social media)
Answering your security questions correctly
You entered it into a website or form (it may have been a phony website, one that offered you a free gift, or a site you visited from a link in an email)
You used the same password on a different site and the site used it to access your email
You have a spyware program on your computer that recorded you typing in your password and sent it to a hacker
Viruses, malware or other undesirable software is on your computer and allowed a hacker to get your email password

If your email account has been hacked it means you need to take immediate steps to correct the situation. The risks to your system and your company information vary based on the way that the email password was obtained. A hacker guessing the password is much less problematic than having viruses, spyware or malware on your computer. A guessed password simply needs to be changed, whereas an infected computer needs to be cleaned up before more compromises occur that may be even more damaging to your business.
Even if the hacker guessed the password, there is a real risk that he or she could use the email account to access other information or accounts. If you suspect your email account has been hacked you need to take immediate steps to remedy the situation, including:

Check your recent email activity to see if anything was sent that you were not aware of
Change your password
Use different passwords for every account
Start using a password manager to generate random, complex passwords
Update your system to the latest OS and update your security software
Run your antivirus and malware detection programs

What does it mean when your email account has been spoofed?
Although spoofing can look a lot like hacking, it is actually something completely different. When your email has been spoofed, it means that someone sent an email that appeared to be from your email account but was not actually from your account. You can think of it as someone sending a letter and putting your return address on the envelope. Doing this is not too complicated with the right software. The bad actor does not need access to your email account to spoof your account.
Your account is safe even if you have been spoofed. However, having your account spoofed can be quite concerning, especially in a business setting. A bad actor could spoof your email and send a message to an employee asking for sensitive company information. There are a few things you can do to help prevent spoofing of your email address, including:

Do not share your email address with anyone who does not need it for business purposes
Do not allow employees to share your email address

Improving Business Email Security
For more information about improving email security for your business, please contact our IT services team.