Impersonation and Spoof Protection
Have you ever received an email….from yourself? But one you never sent? What about one from another employee that they never sent? How about from a vendor asking for an invoice to be paid?
These situations aren’t simply Mandela Effects; it’s called Email Impersonation or “Spoofing.”
These attacks range in sophistication, but the common ones are:
The simple use of an employee’s Display Name on an email sent from some other email address and domain.
Using a similar email address but a different domain name, extremely common with compromised personal accounts.
Spearphish-grade attacks using a “lookalike” domain name, like Micr0soft.com instead of Microsoft.com.
While some of the low grade attacks are easy to spot, when people get busy and are just trying to power their way through a long stack of emails needing attention, it’s unfortunately very easy to only give the briefest of looks at an email’s sender and respond as per normal. When all it takes is one response or a click on someone’s email to lead to a data breach, company structure profiling or worse, preventing even these attacks is another component of a Defense-In-Depth strategy that UpStream excels at.
UpStream can prevent spoofing both at the top domain level when other protection layers like DMARC are not available (learn more about that here) via the Anti-Spoofing feature, or it can be used for individual users, such as executives (CEO, CTO, CFO, managers, etc), who are the most common targets of impersonation attacks due to the amount of authority they have.
UpStream’s Anti-Spoofing features protect both the user’s specific name and email addresses, and with the use of some recent AI enhancements, also protect common shorthand versions of them (Mike for Michael, for example) from display name and email address impersonation, helping to minimize the amount of variations that an attacker can use to make a successful strike. Emails sent from senders trying these methods will fail and only wind up in the Spam category, allowing for later review if necessary.
In addition, IP Address and Hostname whitelists can be made for services that already masquerade as your users, such as marketing platforms like Constant Contact, MailChimp or IP relays like SendGrid, allowing full spectrum spoof protection without compromise.