Display Name Spoofing / Impersonation is a simple but effective way hackers will try and obtain information, divert funds, and defraud you and your staff.
The hackers will look for executives within your company and then create valid email addresses with their display names on common mailing platforms, and then send requests through requesting funds transferred, bank details etc.
In a busy workplace with only a glance at the display name it would be easy to action these requests without further thought.
The problem is this type of spoofing uses valid email addresses from valid domains, but with the same display name as executives, so mechanisms like SPF, DKIM and DMARC won’t pick them up.
However, by implementing a simple mail-flow rule, you can easily add a warning to this type of message which should prompt the end use to proceed with caution.
Here’s how to set it up.
The basis of the rule is the sender is located externally, the recipient is located internally and the message header from field contains a list of names of the executives within your company.
If the criteria are met then we’ll prepend a cautionary disclaimer.
Optionally you could set the Spam Confidence Level (SCL) to 9 to move it in the end users junk mail folder and/or add an exception if you have executives that use their personal email on occasions for company business, and add their valid personal email address as exception.