ExecProtect: A solution for display name spoofing
by Hoala Greevy Founder CEO of Paubox
This month we steadily added customers to a new solution we’ve built to combat Display Name Spoofing. We’re calling it ExecProtect.
This post is about why we built ExecProtect, how it works, and how it provides value to your organization.
Display Name Spoofing Attacks
Data breaches via phishing attacks sit top of mind for C-Level executives and IT Directors across the globe.
Display Name Spoofing is the phishing attack method that’s causing havoc across the internet now.
As we outlined in a previous post, Display Name Spoofing attacks appear to come from a person of authority within a company.
When this is coupled with:
- The fact that at least 70% of all email is now read from a smartphone.
- By default, email apps on a smartphone only show the Display Name of the sender. If you want to see the actual email address, further action (i.e. friction) is required.
The net effect is that if you see an email from your boss on your phone, you’ll probably open it immediately, not bothering to think about the actual email address it came from.
Display Name Spoofing attacks are leveling up in sophistication too.
Long gone are the days of typos, deposed Nigerian princes, and run-on sentences.
Examples of advanced sophistication include:
- No attachments to scan
- No links to inspect
- The sending IP address is not listed on any RBL (Real-time Blackhole List)
- Many Display Name Spoofing attacks are sent from valid Gmail, AOL, and Yahoo accounts
- The Display Name of the sender is from a C-level executive (CEO, CFO, COO, etc).
- The email is short, to the point, and introduces urgency
- They often insert phrases like “Sent from my iPad” at the bottom. This is done to give the appearance it was authentically composed at a moment’s notice
In a nutshell, Display Name Spoofing attacks are working. Up until now, the good guys have been losing the battle.
This is why we built ExecProtect.
ExecProtect: How it Works
ExecProtect, which is a concatenated version of Executive Protection, is a new feature we added to Paubox Email Suite Plus.
Here’s how it works:
Step 1. We work with our customers to get a list of the C-level executives being impersonated within their organization. This would include their names and email addresses they use to communicate with staff.
Step 2. We add those entries into our ExecProtect database.
Step 3. If an email comes in that matches a name on the ExecProtect list and does not match an email tied to it, the email is immediately quarantined. This approach prevents the malicious email from reaching the end user’s inbox.
Step 4. We send an email notification to the customer admin(s) notifying them we’ve stopped a Display Name phishing attack.
It’s simple, effective, and it works.
ExecProtect: How it Provides Value
Our customers have shared valuable stories with us on how ExecProtect is providing value to their organizations.
For example, a few weeks ago we stopped 50 Display Name Spoof attacks from reaching a customer in a single day. Today we stopped a dozen more from reaching their inboxes.
Within the past few months alone, C-level executives and IT Directors have told us:
“We have a huge threat of people impersonating our executives and trying to commit fraud against our organization.”
“At the end of the day, our top risk is being phished. That’s gonna lead to a breach.”
“Our organization is hyper-sensitive about being on the front page of WSJ for a data privacy breach.”
ExecProtect helps prevent all of these scenarios.
ExecProtect & HITRUST
ExecProtect is a new component of Paubox Email Suite Plus.