top of page

KAPPA TECHNOLOGY BLOG 

Lucy Hoover

HOW TO COMBAT DISPLAY NAME SPOOFING


WHAT IS DISPLAY NAME SPOOFING?

Display name spoofing is a tactic used by phishers where the email being sent looks like it's coming from a trusted source, like your boss or a co-worker.... A common tactic employed by cyber-criminals when they go on phishing expeditions is to impersonate someone you know or a source that you trust. Their goal is to get personal data, passwords, money transfers or gift cards, just to name a few. In fact, billions of dollars have been lost because of simple emails that impersonate your bosses and co-workers and ask for wire‐transfers or credibly request that other sensitive data be sent back to the impersonator. Display Name Spoofing can be dangerous, because the sender’s email address is not forged per se, so it is difficult to block emails with forged display names.


HERE’S HOW IT WORKS:

For illustrative purposes, let us say our person in a position of authority at your company we wish to impersonate is J. Piers Rawling, and his real email address is PRawling@FSU.edu

Cybercriminals simply register a new email address with a free email provider, we will use g-mail for this example. Using the same name above, J. Piers Rawling our person of authority at your company, the hacker creates an email on a g-mail account (e.g. J. Piers Rawling <js465636@gmail.com>) Technically, the email address is valid, so emails sent from these accounts will slip through anti-spam filtering.


No e-mail program will not block these phishing emails, because the email address is not forged.

The hope is that the recipient won’t look at the sending address (js465636@gmail.com), and instead just look at the sending display name (J. Piers Rawling.) Some recipients may even assume that the sending email is the personal email of the executive and believe it to be real. But beware.

Also, employees may believe that because the email looks like it has come from someone they are familiar with and with the standard company email signature signoff from that person, that the email is legitimate. Unfortunately, attackers can also use the same email signatures at the bottom of emails sign-offs as legitimate senders.



EXAMPLE:

To add insult to injury, many email clients – especially smartphone email clients – only display the sender’s name by default, but not the email address. For example, the Mail app on the iPhone requires you to tap on the sender’s name to reveal an email address.



HOW TO PREVENT THIS?

Well, you can’t. As a result, the first and last line of defense is your employees. everyone needs to be vigilant and be prepared to identify emails using the Display Name Spoofing technique. Sadly, this is prone to human error as employees may not verify the full details of every single incoming email under certain circumstances – like in stressful situations such as fast-approaching deadlines or lack of attention to detail. Employees should be trained to identify deceptive emails with forged “display names.”

Here are some things to look and think about:

  • When you receive an email, look at both the name and the sender's email address. Is it correct?

  • Look for red flags, such as does my boss normally send me emails about wire transfers or gift cards.

  • Look to see if there are misspellings.

  • Ask yourself, would your boss ask me this?

  • Why would your boss ask for your personal passwords or personal information?

  • Don't post the email address of employees and leaders at your company on your website.


If you are not sure about the email you received, CALL THEM. Do not email, as the cyber-criminal will be the one to respond.

There is no way to prevent these types of emails from coming through. Staying vigilant and looking for the signs of these hackers is the only way to stay safe.

bottom of page