Display name spoofing: A root cause of many cyberattacks

Viewing an email display name on a mobile device

Popular culture or our own preferences often skew our perspective on the source of cyberattacks in healthcare. For example, we often assume they result from highly technical approaches rather than simple attack vectors like display name spoofing.

It’s often more convenient to think that all cyberattacks start with a skilled hacker. For example, an eavesdropping attack or an SQL injection attack can require some development chops. A defensive strategy for these types of attacks relies more on technology and security policies than user education and training. In other words, they’re easier to control.

Read more

Healthcare and socially engineered cyberattacks

In reality, however, most healthcare cyberattacks rely on social engineering. With that approach, an attacker tricks employees or partners into taking an action that leads to a breach. In fact, according to Deloitte, “91% of all cyberattacks begin with a phishing email to an unexpected victim.”

SEE MORE: What is an email phishing attack?

Display name spoofing attacks

Display name spoofing is one of the most common types of phishing attacks. With this tactic, an attacker alters the display name on an email header to look like it’s coming from a trusted source. These attacks can be especially dangerous when an employee reads the email with a mobile device. On a smartphone, for example, the actual sending email address is often hidden, leaving only the display name to identify the sender.

According to Cybernews, most spoofing attacks try to “invoke a sense of urgency or fear in victims. This tricks users into clicking on malicious links, sending money to scammers or opening attachments with scripts.” When supposedly coming from a company executive, spoofed emails often just ask for a timely reply, which in turn leads to more damaging instructions.

Paubox ExecProtect: Eliminate display name spoofing

Paubox is helping healthcare companies eliminate display name spoofing attacks through a patented technology called ExecProtect. This innovative tool is available as part of the Plus and Premium editions of Paubox Email Suite. Here’s how it works:

  1. A bad actor sends an email impersonating the CEO or another company executive.
  2. Paubox ExecProtect checks if the email is an approved email address for the CEO.
  3. If it is not, the email is quarantined, and the admin is notified.

Straightforward and effective. Here’s how the IT Director at Jellyvision, a healthcare benefits technology company, puts it: “ExecProtect is beautiful – since we started using it, we haven’t had a spoofed executive email come through.”

ExecProtect provides ease of email security

Leveraging ExecProtect offers a number of compelling benefits to healthcare providers and other covered entities. With it, those organizations are able to:

  • Eliminate display name spoofing attacks, which today cost providers an average of $3.2 million in hard costs and lost productivity per breach.
  • Require zero training for internal teams because attacks are stopped before employees see them.
  • Easily set it up with an existing email platform.

SEE MORE: Paubox Email Suite inbound security

25% off the upgrade to Paubox Email Suite Plus

Because the value of ExecProtect can be so significant, Paubox is on a mission to get the solution in the hands of as many healthcare organizations as possible. That’s why the company is extending a special offer to Paubox Email Suite Standard customers.

The Standard edition of Paubox Email Suite helps customers ensure their email is encrypted and HIPAA compliant. Upgrading to the Plus edition adds protection against unwanted spam, as well as ExecProtect, to eliminate display name spoofing attacks. With that in mind, any Paubox Email Suite Standard customer who upgrades to the Plus edition before the end of 2022 will receive 25% off the annual upgrade price for the first year. That’s powerful protection at a great price!

To learn more about this special offer, visit https://get.paubox.com/email-suite-upgrade.


About the author

Shawn Dickerson

Read more by Shawn Dickerson

Get started with
end-to-end protection

Bolster your organization's security with state-of-the-art email encryption and inbound email security.

Highest rated HIPAA compliant messaging solution on G2

EmailEncryption BestMeetsRequirements MeetsRequirements
SecureEmailGateway MostImplementable Total
SecureEmailGateway Leader Leader
SecureEmailGateway EasiestToUse EaseOfUse
SecureEmailGateway EasiestAdmin EaseOfAdmin
SecureEmailGateway BestUsability Total
SecureEmailGateway BestResults Total
SecureEmailGateway BestRelationship Total
EmailEncryption UsersMostLikelyToRecommend Nps
EmailEncryption MomentumLeader Leader