1 min read

Display name spoofing: A solution

Picture of Hoala Greevy Hoala Greevy June 14, 2019

Email security
Presenter giving a business presentation to executives in a conference room

Last week I wrote about the problem with Display Name Spoofing in email security, why you should care, and what we're doing about it.

Based on feedback we've gotten since then, a second post on the topic is needed.

 

Phishing is a Top Breach Risk

Gibson's Bar & Steakhouse in Chicago where Paubox executives presented to dental industry leaders

Gibson's Bar & Steakhouse in Chicago

Last week Greg Hoffman and I flew to Chicago to present to a dozen executives in the dental industry.

In a conference room at the tony Waldorf Astoria, I shared with them:

  • Our unique approach to secure email
  • Our commitment to security via the HITRUST RightStart program
  • How the incumbents have failed to deliver a viable solution thus far
  • Traction and plans for the future

 

Later in the day, we caught up with a CIO of one the large dental associations we presented to. As we shared how Paubox is delivering value to the market, we got on the topic of phishing attacks via Display Name Spoofing. He mentioned all of his peers in the industry are currently experiencing this problem. That viewpoint matches the data we've compiled via our monthly HIPAA Breach Reports.

In a nutshell, email breaches have been the primary HIPAA breach point for 2019 and most of 2018.

See also: HIPAA Breach Report for June 2019

He also shared this with me: “At the end of the day, our top risk is being phished. That’s gonna lead to a breach.”

In short, Phishing is a top breach risk in healthcare.

 

A Solution to Display Name Spoofing Attacks

Email screenshot showing spoofed sender display name and mail headers demonstrating display name spoofing attack

Here's how we solved Display Name Spoofing attacks with Paubox Email Suite Plus.

Step 1. We work with our customers to get a list of the C-level executives being impersonated within their organization. This would include their names and email addresses they use to communicate with staff.

Step 2. We add those entries into our Display Name Spoofing protection database.

Step 3. If an email comes in that matches a name on the Display Name Spoofing protection list and does not match an email tied to it, the email is immediately quarantined. This approach prevents the malicious email from reaching the end user's inbox.

Step 4. We send an email notification to the customer admin(s) notifying them we've stopped a Display Name phishing attack. It's simple, effective, and it works.

See Related: US Patent Office Approves our Approach to Display Name Spoofing

 

Try Paubox Email Suite Plus for FREE today.
Start for free
Secure every email you send and receive HIPAA compliant. Threat-proof. Hassle-free.
Person holding cash while reviewing documents and examining multiple phones and devices

How to protect your organization from BEC attacks

Heather C. Orr : December 24, 2019

Business email compromise (BEC) attacks have increased 1,300% since January 2015, totaling over $3 billion in losses according to the FBI’s Internet...

Email security
Read More
Developer working at desk with laptop and monitor displaying code

Support for Base64 Encoding added to ExecProtect

Picture of Hoala Greevy Hoala Greevy : October 7, 2019

In order to provide advanced protection against Display Name Spoofing, we recently added support for Base64 encoding to Paubox Email Suite Plus. In...

Email security
Read More
Straight highway through forested mountains at sunset

Display name spoofing attacks via LinkedIn

Picture of Hoala Greevy Hoala Greevy : August 21, 2020

Last year we released ExecProtect, our patented solution for Display Name Spoofing attacks. Packaged as part of Paubox Email Suite Plus, ExecProtect...

Email security
Read More

Subscribe to Paubox Weekly

Every Friday we bring you the most important news from Paubox. Our aim is to make you smarter, faster.