Office 365 / Exchange: Stop Display Name Spoofing


Display name spoofing (impersonation) is a simple but effective way for hackers to try to obtain information, divert funds, and defraud you and your staff.

The hackers look for executives within your company, create valid email addresses carrying those executives' display names on common mailing platforms, and then send requests for fund transfers, bank details, etc.

In a busy workplace, with only a glance at the display name, it would be easy to action these requests without further thought.

The problem is this type of spoofing uses valid email addresses from valid domains, but with the same display name as executives, so mechanisms like SPF, DKIM and DMARC won’t pick them up.

However, by implementing a simple mail-flow rule, you can easily add a warning to this type of message, which should prompt the end user to proceed with caution.

Here’s how to set it up.

The basis of the rule is that the sender is located externally, the recipient is located internally, and the From message header contains one of a list of names of the executives within your company.

If the criteria are met then we’ll prepend a cautionary disclaimer.

[Image: mail flow rule to prevent display name spoofing]

Optionally, you could set the Spam Confidence Level (SCL) to 9 to move the message to the end user's junk mail folder. If you have executives who occasionally use their personal email for company business, you could also add their valid personal email addresses as an exception.
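
The same rule can be created from Exchange Online PowerShell. This is an added example, not part of the original post; the rule name, executive names, addresses and disclaimer wording are constructed placeholders, and it uses a "From address contains" exception for the personal addresses.

```powershell
# Added example; assumes the ExchangeOnlineManagement module and an admin session:
# Connect-ExchangeOnline -UserPrincipalName admin@contoso.example   # placeholder

# Constructed sample values: replace with your executives' display names.
$ExecutiveNames = @('Jane Example', 'John Placeholder')
# Optional exception: personal addresses executives really use (constructed).
$AllowedPersonalSenders = @('jane.example@personal.example')

$RuleName = 'Warn: external sender with executive display name'  # hypothetical

$Disclaimer = @'
<p style="border:1px solid #c00;padding:6px;">
<b>Caution:</b> This message was sent from outside the organisation but uses
the name of one of our executives. Check the sender's email address before
acting on any request.</p>
'@

$RuleParams = @{
    FromScope                         = 'NotInOrganization'  # sender is external
    SentToScope                       = 'InOrganization'     # recipient is internal
    HeaderContainsMessageHeader       = 'From'               # inspect the From header
    HeaderContainsWords               = $ExecutiveNames      # executive names
    ApplyHtmlDisclaimerLocation       = 'Prepend'            # warning above the body
    ApplyHtmlDisclaimerText           = $Disclaimer
    ApplyHtmlDisclaimerFallbackAction = 'Wrap'               # if body cannot be edited
}

# Exception for known personal addresses, only when the list is not empty.
if ($AllowedPersonalSenders.Count -gt 0) {
    $RuleParams['ExceptIfFromAddressContainsWords'] = $AllowedPersonalSenders
}

# Optional: also send matching mail to the junk mail folder.
# $RuleParams['SetSCL'] = 9

# Update the rule if it already exists, otherwise create it.
if (Get-TransportRule -Identity $RuleName -ErrorAction SilentlyContinue) {
    Set-TransportRule -Identity $RuleName @RuleParams
} else {
    New-TransportRule -Name $RuleName @RuleParams
}
```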
