In order to provide advanced protection against Display Name Spoofing, we recently added support for Base64 encoding to Paubox Email Suite Plus.
In this blog post, we’ll discuss what it is, how it’s being abused, and how we added support for Base64:
- What is Base64 Encoding?
- Why Base64 is used in email
- How Base64 is being abused by bad actors
- How we added support for Base64 within ExecProtect
What is Base64 Encoding?
Base64 encoding is a method used to represent binary data over mediums limited to printable characters only. In fact, email is one such medium and is a classic use case for Base64.
The name Base64 comes from the fact that each (binary) character is represented via 6-bits. In other words, 2 to the power of 6 equals 64.
In a nutshell, Base64 encoding is a way of taking binary data and turning it into text so that it’s more easily transmitted over mediums like email.
Why is Base64 Encoding used in Email?
Base64 encoding was originally used to accurately transfer email messages, including attachments, over the internet.
Unfortunately, this encoding technique is now being abused by bad actors (i.e. hackers) to deliver malicious Display Name Spoofing attacks.
How are Bad Actors using Base64 to Avoid Detection?
As we covered in this post, bad actors use Display Name Spoofing to exploit organizations. They do this by relying on authority, sophistication, and the fact that a majority of email is now read on smartphones.
Learn more: Executive Protection for Display Name Spoofing
Taking it up a notch, bad actors are also using Base64 encoding to evade detection by email filters.
For example, let’s say a bad actor wanted to impersonate the CEO of an organization via Base64 encoding.
If the CEO’s name is Laurie Bream and her email is [email protected], the From: address field would normally look like this:
From: “Laurie Bream” [email protected]
Using Base64 however, it can be obfuscated to read:
Without Base64 encoding support, this obfuscated Display Name Spoofing attack would pass through undetected.
How we added support for Base64 Encoding in ExecProtect
By adding preprocessing support for Base64 encoded email to ExecProtect, we’ve taken our patent-pending solution for Display Name Spoofing attacks up a notch.