Support for Base64 Encoding added to ExecProtect

Featured image

Share this article

 

Base 64 encoding support added to ExecProtect

In order to provide advanced protection against Display Name Spoofing, we recently added support for Base64 encoding to Paubox Email Suite Plus.

In this blog post, we’ll discuss what it is, how it’s being abused, and how we added support for Base64:

What is Base64 Encoding?

Base64 encoding is a method used to represent binary data over mediums limited to printable characters only. In fact, email is one such medium and is a classic use case for Base64.

The name Base64 comes from the fact that each (binary) character is represented via 6-bits. In other words, 2 to the power of 6 equals 64.

In a nutshell, Base64 encoding is a way of taking binary data and turning it into text so that it’s more easily transmitted over mediums like email.

Why is Base64 Encoding used in Email?

Base64 encoding was originally used to accurately transfer email messages, including attachments, over the internet.

Unfortunately, this encoding technique is now being abused by bad actors (i.e. hackers) to deliver malicious Display Name Spoofing attacks.

How are Bad Actors using Base64 to Avoid Detection?

As we covered in this post, bad actors use Display Name Spoofing to exploit organizations. They do this by relying on authority, sophistication, and the fact that a majority of email is now read on smartphones.

Learn more: Executive Protection for Display Name Spoofing

Taking it up a notch, bad actors are also using Base64 encoding to evade detection by email filters.

For example, let’s say a bad actor wanted to impersonate the CEO of an organization via Base64 encoding.

If the CEO’s name is Laurie Bream and her email is [email protected], the From: address field would normally look like this:

From: “Laurie Bream” [email protected]

Using Base64 however, it can be obfuscated to read:

From: IkxhdXJpZSBCcmVhbSIgPGxhdXJpZS5icmVhbUByYXZpZ2EuY29tPg==

Without Base64 encoding support, this obfuscated Display Name Spoofing attack would pass through undetected.

How we added support for Base64 Encoding in ExecProtect

As a recap, ExecProtect is a feature within Paubox Email Suite Plus that protects against Display Name Spoofing attacks.

By adding preprocessing support for Base64 encoded email to ExecProtect, we’ve taken our patent-pending solution for Display Name Spoofing attacks up a notch.

Try Paubox Email Suite Plus for FREE today.
Author Photo

About the author

Hoala Greevy

Founder of Paubox. Kayak fishing when I can. Native Hawaiian CEO.

Read more by Hoala Greevy

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022