How display name spoofing works
Display Name Spoofing is a phishing attack where an email’s display name is altered to look like it’s from a trusted source in a target organization (ex., CEO or high-level executive). This makes display name spoofing effective for social engineering attacks, such as phishing and business email compromise (BEC) scams.
Spoofing attacks work by taking advantage of the fact that email clients like Gmail or Outlook display the sender's name more prominently than their email address. The scammer can impersonate a trusted source and dupe recipients into responding, unaware that they are engaging with a counterfeit account. When targeting businesses, bad actors often impersonate recognizable people of power within an organization, as they are likely to drive action by employees. For example, an attacker may use the display name of the CEO to impersonate a company's chief executive officer.
Since people are used to relying on the display name to identify the sender of an email, they're likely to trust the message and take action, such as clicking a link to download malware and ransomware or providing sensitive information to the sender.
How ExecProtect works
Organizations are seeing an onslaught of display name spoofing attacks. ExecProtect effectively catches and quarantines potential attacks, solving the problem and freeing up time IT teams used to spend addressing these attacks.
Paubox Email Suite users can create a list of likely impersonated employees or departments and add approved email addresses for those protected display names. If an email is sent to an employee that shares the name of one of the protected names on the list and is sent from an email account that is not an approved email address, ExecProtect quarantines the email.
A notice is also sent to the administrator of a possible display name spoofing attack. The administrator can review the email and determine if the email should be released or deleted.
ExecProtect reduces the risk of phishing attacks, protects brand reputation, and prevents sensitive data from leaving the organization.
Why are updates necessary?
As scammers' tactics adapt, so must protective solutions. Spoofing attempts evolved from C-suite names or merely titles like "CEO" to impersonating departments like "Support" or "Human Resources."
Paubox understands the landscape is changing, and people are spoofing in new ways, so we've updated the product to stay current with new phishing tactics.
Why Paubox ExecProtect stands out amongst other solutions
Stops display name spoofing attacks
Unlike other product offerings that can only warn recipients of a possible spoof with banners on an email (that are easily ignored by the recipient), ExecProtect places display name spoofing emails in quarantine.
Administrators are notified of attacks as they happen
Paubox will send an ExecProtect notification when a display name spoofing attack is found and quarantined. Administrators can easily keep track of the volume of threats coming in and prove value in display name spoofing prevention.
No employee training needed
ExecProtect doesn't require employee training because attacks are stopped before they reach employees' inboxes.
Protect variations of names
It's possible to protect name variations. For example, if Robert Smith is a protected name, customers can set up ExecProtect to include variations of the name, like Bob Smith or Bobby Smith.
The latest updates to Paubox ExecProtect
- Improved design: it's now easier to use ExecProtect. The streamlined design offers a more intuitive interface when adding names to protect.
- Keywords and phrases: Paubox can now safeguard against spoofing keywords and phrases, like "Human Resources."
- Supports multiple-word names: The update allows for multi-word names like Jack Van Riebeck.
- Alphanumeric character support: protect against alphanumeric characters used, like "J0hn Sm1th."
- Special character support: specifically Hawaiian, French, Spanish, and German.