What Is Email Display Name Spoofing & How To Prevent It?


Email display name spoofing is a type of social engineering attack that involves the falsification of data to artificially modify the perception of other individuals. Spoofed emails can fool even the most honest employees at an organization into thinking that they are communicating with the CEO or other senior executives.

The most convincing spoofed email will almost always get through, since even people who are supposed to check it will be fooled by its fraudulent appearance.

Hackers use their fake identities to make all those involved in an online transaction think they are talking to one particular person without them knowing there is another person behind the screen.

Therefore, the purpose of this process is to enable hackers to ‘fake it until they make it’ in their phishing attempts.

What is Display Name Spoofing?

Email Display Name Spoofing is an email scam perpetrated by fraudsters who use someone’s real name (known to the recipient) as the display name for their emails.

This is done by registering a valid email account whose email address is different from, but whose display name is the same as, that of the contact they want to impersonate. Therefore, the recipient will think they are getting an email from a trusted person in their contacts, but it’s not them.

For example:

A hacker might pose as “Ben, the CEO of XYZ company” by using the exact display name that “Ben, the CEO” has set up on his official email address, and then apply this forged display name to a valid email address that differs from the one “Ben, the CEO” actually uses.

Since most modern email platforms like Outlook just display the email sender’s name (instead of the sender’s actual From: email address) to the recipient–for the sake of user-friendliness–the recipient might fall into the trap set by the hacker.

The recipient will accept the email as legitimately sent by “Ben, the CEO” when in reality it is not, because the From: field (which most email platforms hide by default) has a different email address than the one “Ben, the CEO” actually uses.

Display Name Spoofing Becoming a Widespread Phishing Scam: But Why?

Over the years, the use of display name spoofing has become more and more common in phishing scams. This is because displaying a name identical to that of the genuine sender can trick many people into believing that the email is actually from someone they know or trust.

➜ Proliferation of Smartphones

Email display name spoofing is becoming a widespread phishing scam because of the proliferation of smartphones.

Because email clients on mobile devices don’t display an email’s metadata, email display name spoofing becomes possible. This means that when a recipient opens an email from someone he doesn’t know, he will only see the sender’s email display name and not the From: address.

As you can imagine, this makes it easy for a scammer to trick people into thinking they are interacting with someone they know.

➜ Bypasses Spoofing Defense Mechanisms

The reason this type of fraud is so effective is because email display name spoofing is done via a legitimate email address. Because it bypasses most spoofing countermeasures, such as SpamAssassin, these phishing emails are often very difficult to filter out.

➜ Email Metadata Is Hidden

Most people are used to the idea that an email should look like it came from their friends or family. In reality, most people don’t read the full metadata of an email and thus fall for the trap.

This is why hackers can target user interfaces that were designed with ease of use as a priority. Most modern email client apps don’t show metadata, for ease of reading; therefore, the From: address is hidden from plain view until a recipient clicks on it to see the full metadata.

Most recipients don’t read full email exchanges—they just rely on the display name to authenticate them. Thus, they fall for this phishing scam because they assume that if an email looks like one they know, then it must be legitimate and safe.

How To Avoid Becoming a Victim of Email Display Name Spoofing?

Don’t rely on display names to authenticate email. If you’re not sure, then check the email exchange to see if it’s actually from who it says it is. Here are more useful tips to prevent email display name spoofing.

1. First, head over to the email message in question and extract all of the metadata from it. This will give you access to the sender’s name, email address, and complete email header information. If this is spoofing, then it is likely that some of the metadata is not what it seems. For example, if you notice that the email address doesn’t match up with any other accounts in your contact list, then it’s a good indication that this is a phishing scam.

2. Check your SPF records. These are lists of domains that have permitted mail from their domain to be delivered (or rejected).

3. Check your DKIM records. These are lists of domains that have signed your mail with their private key to verify its authenticity. If any of these records don’t match up with the domain in the email header, then it’s a good indication that this is spoofing.

4. Check your DMARC records. These are lists of domains that have set up a policy to reject mail if it fails any of the above checks. If this record doesn’t match up with the domain in the email header, then it’s a good indication that this is spoofing.

5. If you see a hyperlink that looks like it points to an official page, but takes you somewhere else, this is a good indication of spoofing. If you see typos or other errors in the text of the email, this can also be an indication of email display name spoofing.
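The header review in steps 1 to 4 can be scripted. The following is an added example, not code from the original article: it pulls the display name, From address, Return-Path and the SPF/DKIM/DMARC verdicts out of a constructed message. The domains `xyz.example` and `mailbox.example` and the function name `triage` are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the display name imitates a known contact, but the
# message is sent from (and correctly authenticated for) an unrelated domain.
RAW = """\
Return-Path: <ben.ceo.xyz@mailbox.example>
Authentication-Results: mx.xyz.example;
 spf=pass smtp.mailfrom=mailbox.example;
 dkim=pass header.d=mailbox.example;
 dmarc=pass header.from=mailbox.example
From: "Ben, the CEO" <ben.ceo.xyz@mailbox.example>
To: <alice@xyz.example>
Subject: Quick favour

Are you at your desk?
"""

def triage(raw, org_domain):
    """Return the header facts a reviewer should look at for one message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    # Only trust an Authentication-Results header added by your own receiving
    # server. Collapse folded lines, then pull each method=result verdict.
    results = " ".join(msg.get("Authentication-Results", "").split())
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results))
    return {
        "display_name": name,
        "from_address": addr,
        "from_domain": from_domain,
        "return_path": parseaddr(msg.get("Return-Path", ""))[1],
        "verdicts": verdicts,
        # Authentication vouches for the From domain only, never the name.
        "authenticated_as_org": (
            verdicts.get("dmarc") == "pass" and from_domain == org_domain
        ),
    }

if __name__ == "__main__":
    for key, value in triage(RAW, "xyz.example").items():
        print(f"{key}: {value}")
```

Every verdict in the sample is `pass`, yet the message is not authenticated as the organization's own domain, which is why the From address has to be compared with the contact's real one.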

Creating Transport Rule for Email Display Name Spoofing

Transport rules are a way to block or allow specific emails that have been sent from outside the organization. They are applied to individual email messages, which means you can use them to specify which messages should or should not be delivered.

The transport rule for CEO “Ben” is as follows:

Apply this Rule if…

1. Sender is located outside the organization.

2. A message header matches… ‘From’ header matches ‘Ben’.

Do the Following…

Prepend the Disclaimer ‘<disclaimer>’

With this transport rule, any email message that comes from outside the organization and contains the word “Ben” in the From header will be blocked and sent to a user-defined mailbox. This prevents the fake Ben from being able to spoof the actual Ben’s address and display name. The disclaimer prepended to each blocked message alerts users that this is not an authentic business email and should not be opened or responded to.
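The listed conditions and action can be modelled in a few lines to test which messages the rule would touch. This is an added Python sketch, not the mail server's own rule syntax and not code from the original article; the domain `xyz.example`, the sample messages and the names `apply_rule` and `make_msg` are assumptions. It decodes encoded display names before matching, a case a pattern applied to the raw header text would miss.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr

ORG_DOMAINS = {"xyz.example"}              # assumed internal domain
PROTECTED = re.compile(r"\bben\b", re.I)   # the rule's pattern 'Ben'
DISCLAIMER = "<disclaimer>\n\n"            # placeholder text, as on the page

def make_msg(from_header):
    """Build a constructed test message with the given From header."""
    return (f"From: {from_header}\nTo: alice@xyz.example\n"
            "Subject: Hi\n\nAre you free?\n")

SAMPLES = {  # constructed messages
    "plain_spoof": make_msg('"Ben" <ceo.office@mailbox.example>'),
    "encoded_spoof": make_msg("=?utf-8?b?QmVu?= <ceo.office@mailbox.example>"),
    "real_ben": make_msg('"Ben" <ben@xyz.example>'),
    "other_external": make_msg('"Carol" <carol@partner.example>'),
}

def apply_rule(raw):
    """Return (matched, body) after evaluating the rule on one message."""
    msg = message_from_string(raw)
    name, address = parseaddr(msg.get("From", ""))
    # Decode RFC 2047 encoded-words so an encoded "Ben" is still recognised.
    name = str(make_header(decode_header(name)))
    # Condition 1: sender is located outside the organization.
    external = address.rpartition("@")[2].lower() not in ORG_DOMAINS
    # Condition 2: the From header matches the protected name.
    matched = external and bool(PROTECTED.search(f"{name} <{address}>"))
    body = msg.get_payload()
    # Action: prepend the disclaimer to matching messages only.
    return matched, (DISCLAIMER + body if matched else body)

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, apply_rule(raw)[0])
```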

How PowerDMARC Fights Email Display Name Spoofing For The Protection Of Your Business?

Email display name spoofing is on the rise, and PowerDMARC is here to help you fight it. We enforce DMARC protocols like DKIM and SPF checks, which are essential tools for fighting email spoofing. We also use machine learning to generate a predictive model of email spoofing threats and then combine these predictions with advanced content analysis tools to maximize your protection against email phishing attacks.

That way if someone sends out an email pretending to be from you in hopes of tricking your employees into clicking on it, they won’t get through because the filter will catch email display name spoofing as well as typosquatting.


Ahona Rudra
Digital Marketing & Content Writer Manager at PowerDMARC
Ahona works as a Digital Marketing and Content Writer Manager at PowerDMARC. She is a passionate writer, blogger, and marketing specialist in cybersecurity and information technology.
September 19, 2022/by Ahona Rudra
Tags: email display name, email display name spoofing, Email spoofing, what is email display name spoofing