Paubox blog: HIPAA compliant email made easy

What is ExecProtect?

Written by Kirsten Peremore | January 18, 2024

ExecProtect, developed by Paubox, protects organizations against display name spoofing attacks. It allows users to create a list of high-risk or likely impersonated employees and departments and their authentic email addresses. 

 

How does ExecProtect work?

Execprotect reduces the likelihood of successful phishing attempts and minimizes the need for constant vigilance by individual employees, thus enhancing overall organizational cybersecurity. Here's how ExecProtect operates:

  1. Creation of a protection list: The core of ExecProtect's functionality lies in its ability to let organizations create a list of employees or departments that are likely targets for impersonation. This list includes the names of high-profile or high-risk individuals, such as executives, managers, or departments like finance or human resources.
  2. Linking names to approved email addresses: The organization associates approved email addresses for each name or department on the protection list. This step establishes a baseline of legitimate email communication channels for those high-risk individuals or departments.
  3. Email filtering and quarantine mechanism: When an email that matches a protected name from the list is sent to someone within the organization, ExecProtect springs into action. It checks the sender's email address against the list of approved email addresses. If the email address does not match the approved list, it indicates a potential spoofing attempt.
  4. Quarantining suspicious emails: In cases where the email address does not align with the approved ones, ExecProtect doesn't deliver the email directly to the recipient's inbox. Instead, it quarantines the email, effectively isolating it from the recipient to prevent any accidental interaction that could lead to a security breach.
  5. Administrative alerts: Upon quarantining an email, ExecProtect alerts the system administrators or designated personnel about the potential display name spoofing attack. This notification enables the IT team or cybersecurity personnel to review the quarantined email.
  6. Review and action by administrators: The administrators can then examine the quarantined email to determine its legitimacy. Based on their assessment, they can release the email to the intended recipient if it's deemed safe or delete it if confirmed as a spoofing attempt.
  7. Continuous updates and adaptation: Recognizing the ever-evolving nature of cyber threats, Paubox continuously updates ExecProtect to adapt to new phishing tactics and techniques. This ensures that the protection remains effective against current and emerging spoofing strategies.

Why display name spoofing is a risk to organizations

Display name spoofing poses a significant risk to organizations because it targets their email communication systems, a critical component of modern business operations. In this attack, cybercriminals alter the display name in emails to impersonate trusted individuals, such as executives or departments. This deception exploits users' reliance on display names over email addresses, leading to higher likelihood of employees divulging sensitive information or complying with fraudulent requests. This jeopardizes sensitive data, financial assets, and the organization's reputation.

See also: What is spoofing?

See also: ExecProtect updates guard against the latest display name spoofing attacks

 

How does ExecProtect benefit organizations?

ExecProtect actively enhances organizations' cybersecurity defenses against display name spoofing attacks. Automatically quarantining emails from unauthorized sources that impersonate high-risk individuals or departments prevents phishing attempts before they reach employees' inboxes. This proactive approach minimizes the risk of sensitive information breaches and financial losses. Additionally, by reducing the need for extensive employee training on email security, ExecProtect saves time and resources, allowing employees to focus on their core responsibilities.

See also: HIPAA Compliant Email: The Definitive Guide

 

FAQs

Q: What is the prevention mechanism regarding email spoofing?

A: The primary prevention mechanism for email spoofing involves using email authentication protocols like SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance). Execprotect offers a sophisticated and easy-to-apply mechanism for everyday use.

Q: What display name may be in a phishing email?

A: In a phishing email, the display name is often manipulated to mimic the name of a trusted individual or entity. This could be the name of a high-ranking company executive (like the CEO or CFO), a familiar colleague, a well-known brand, a reputable financial institution, or a government agency. The goal is to create a sense of trust and legitimacy.

Q: What happens if you get spoofed?

A: If your email address is spoofed, attackers might send emails that appear to come from you to your contacts or others. Recipients could be tricked into sharing sensitive information, clicking on malicious links, or downloading malware.