Email spoofing is a common way for scammers to "phish" individuals or businesses, tricking them into providing personal information such as bank account, credit card, and social security numbers, which allows the scammers to steal identities and any money in the victims' accounts. Email spoofing works by "spoofing" the return address of an outgoing email message and hiding the message's origin, so that the person reading it thinks it comes from a reputable source. Hiding the origin also stops the message from being traced and makes the sender extremely difficult for authorities to catch.
SMTP (Simple Mail Transfer Protocol) does not always provide authentication, which makes spoofed emails fairly easy to send. By impersonating trusted senders and companies in the email's address fields, the scammer gives the victim no reason to distrust the message or to avoid clicking on any link or attachment it contains. Scammers use this tactic to gain all of the information they need.
Scammers involved in email spoofing fraud are more than likely very technologically savvy and can therefore work around whatever stands in the way of creating fake emails. What they do is change the properties of the email, including the "From", "Reply To", and "Return-Path" fields. Occasionally, you can find out whether an email is spoofed by clicking the "Reply To" field: instead of an ordinary reply, you see different wording that indicates a spoofed email. Most scammers know this, however, and can forge this address as well, which makes spoofing very difficult to catch.
The first two rules you should always follow to prevent a virus or phishing attack from Internet fraud are to never click on a link in an email that seems unjustified and to never open an attachment you were not expecting. Ask yourself why this particular business would send an email with a link to click to verify information, rather than calling you or asking you to visit its website and change your password there. Secondly, businesses very rarely include attachments in emails, so there is no reason for you to open or download them. Other methods of prevention include using cryptographic signatures when exchanging authenticated email messages and configuring your mail delivery daemon to prevent a scammer from connecting to your SMTP port to send these spoofed emails.