Skip to the main content.
Talk to sales Start for free
Talk to sales Start for free

1 min read

Support for Base64 Encoding added to ExecProtect

Support for Base64 Encoding added to ExecProtect

In order to provide advanced protection against Display Name Spoofing, we recently added support for Base64 encoding to Paubox Email Suite Plus. In this blog post, we'll discuss what it is, how it's being abused, and how we added support for Base64:

 

What is Base64 Encoding?

Base64 encoding is a method used to represent binary data over mediums limited to printable characters only. In fact, email is one such medium and is a classic use case for Base64. The name Base64 comes from the fact that each (binary) character is represented via 6-bits. In other words, 2 to the power of 6 equals 64. In a nutshell, Base64 encoding is a way of taking binary data and turning it into text so that it's more easily transmitted over mediums like email.

 

Why is Base64 Encoding used in Email?

Base64 encoding was originally used to accurately transfer email messages, including attachments, over the internet. Unfortunately, this encoding technique is now being abused by bad actors (i.e. hackers) to deliver malicious Display Name Spoofing attacks.

 

How are Bad Actors using Base64 to Avoid Detection?

As we covered in this post, bad actors use Display Name Spoofing to exploit organizations. They do this by relying on authority, sophistication, and the fact that a majority of email is now read on smartphones. Learn more: Executive Protection for Display Name Spoofing Taking it up a notch, bad actors are also using Base64 encoding to evade detection by email filters.

For example, let's say a bad actor wanted to impersonate the CEO of an organization via Base64 encoding. If the CEO's name is Laurie Bream and her email is laurie.bream@raviga.com, the From: address field would normally look like this: From: "Laurie Bream" laurie.bream@raviga.com Using Base64 however, it can be obfuscated to read: From: IkxhdXJpZSBCcmVhbSIgPGxhdXJpZS5icmVhbUByYXZpZ2EuY29tPg== Without Base64 encoding support, this obfuscated Display Name Spoofing attack would pass through undetected.

How we added support for Base64 Encoding in ExecProtect

As a recap, ExecProtect is a feature within Paubox Email Suite Plus that protects against Display Name Spoofing attacks. By adding preprocessing support for Base64 encoded email to ExecProtect, we've taken our patent-pending solution for Display Name Spoofing attacks up a notch.

 

Try Paubox Email Suite Plus for FREE today.

Subscribe to Paubox Weekly

Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.