Paubox blog: HIPAA compliant email made easy

ExecProtect+ for Comprehensive Display Name Spoofing Protection

Written by Hoala Greevy | March 14, 2025

We are pleased to announce we have released ExecProtect+ for comprehensive protection from display name spoofing attacks.

What's happening:

  • Several years ago, we released ExecProtect, which provides executive-level protection against phishing and spoofing attacks. 
  • We built ExecProtect because our customers asked for protection against display name spoofing attacks by bad actors impersonating their upper management.
  • Now we've built ExecProtect+, an AI-driven enhancement to ExecProtect, allowing an entire organization to automatically protect against display name spoofing attacks.
  • While ExecProtect was built to protect executives from being impersonated by display name spoofing attacks, ExecProtect+ automatically extends coverage to the entire organization.

How does it work?: 

  • ExecProtect+ automatically compiles a list of all users' names and email addresses within a customer's organization. The list is then populated into a customer's ExecProtect configuration.
  • When a bad actor tries to impersonate an individual contributor in a company, the email is stopped and quarantined by ExecProtect+.

Can I see an example?:

  • Let's say Example, Inc. has 500 employees and uses the domain example.com.
  • Lara Croft <lara.croft@example.com> works as a field technician.
  • Sarah Connor <sarah.connor@example.com> works in the Payroll department.
  • A bad actor abuses the LinkedIn API to compile an org chart of Example, Inc. Now they know where everyone sits in the company.
  • Next, the bad actor creates the following email account: "Lara Croft" <work3@businessmail2.com>

(this is an actual address we've stopped with ExecProtect)

  • Bad actor then sends the following email:


From: "Lara Croft" <work3@businessmail2.com>

To: "Sarah Connor" <sarah.connor@example.com>

Subject: Re:

Good morning,

Before the next payroll is issued, I need to replace the account where my most recent deposit was made due to a change in bank. What information is required?

Lara Croft

Field Technician

Example, Inc.

  • For an organization with 500 employees, it's possible Sarah Connor may reply back and process the change in bank account info.
  • After all, there's no attachment with a virus in it, no link with a phishing scam, and if Sarah reads the email on her smartphone, it's not easily clear what email address was used. All Sarah sees on her smaller screen is the name of the sender, Lara Croft.
  • By using ExecProtect+, Sarah Connor never gets the email, because it's quarantined by Paubox.
  • ExecProtect+ already knows the only valid address belonging to Lara Croft is lara.croft@example.com, not work3@businessmail2.com.

How do I get it?:

How do I enable it?:

  • In the Paubox Dashboard, click Inbound Security, then Settings.
  • Flip the ExecProtect+ toggle to On. 

  • Pau!

Is ExecProtect+ HITRUST certified?:  

The bigger picture:

  • Customer feedback is a core principle of the Paubox Foundations, which are values we care intensely about.
  • ExecProtect+ was built via customer feedback.