Brand impersonation has soared by more than 30% since 2020, and it’s even scarier to know that 98% of cyberattacks contain one or more elements of social engineering, like display name spoofing

As per the display name spoofing definition, it’s a targeted phishing attack where an email’s display name is manipulated and changed. This makes it look like coming from a genuine source, usually a reputed company or your friend. 

This blog discusses what display name spoofing is, how to prevent it, and more

What is Display Name Spoofing?

Display name spoofing is a tactic used by cybercriminals to make a fraudulent email look legitimate. The common trick is to impersonate someone whom you personally know and often exchange emails with. This can be your boss, co-workers, business partners, customer care representatives, etc. the aim is to establish trust and obtain sensitive information like banking details, social security numbers, OTPs, login credentials, important documents, medical reports, passport details, etc. They can even trick you into making online transactions. 

One of the notorious real-life display name spoofing examples is when both Google and Facebook were tricked out of $100 million between 2013 and 2015. The attacker exploited the fact that both companies used Quanta, a Taiwan-based company, as a vendor. They emailed a series of fake invoices to the company that impersonated Quanta, which both Facebook and Google paid.

How Does Display Name Spoofing Work?

Let’s see what is display name spoofing technique. Phishers create a new email address using free email service providers like Gmail, Yahoo, Outlook, etc. The new email address resembles the address to be impersonated and has the same display name. It bypasses anti-spam filters as the email address is technically valid and unforged. 

It simply works on the fact that often recipients don’t look at the email address, and instead just see the display name. They also ignore that the domain name is missing and the ESP’s name is mentioned, perceiving it as the sender’s personal email address.

Phishers also use the same email signatures at the bottom of the emails to make it look like it’s coming from the genuine sender only. 

Why is Display Name Spoofing More Successful On Mobile Devices?

Do you know email display name spoofing is more successful on mobiles? This is because mobile devices don’t display metadata; therefore, recipients only see the display name, not the From: address. This makes such deceptions easier, divulging victims into sharing sensitive details, clicking on malicious links, making online transactions, etc. 

How Do Display Name Spoofing Emails Pass Anti-Spam Mail filters?

Knowing how to stop display name spoofing is crucial because these emails appear legitimate upon casual inspection by anti-spam mail filters. This happens because email service providers show only the display name over the email address. 

The emails pass the filters as they lack questionable content like unsolicited, unwanted, or virus-infected links. That’s why anti-spam filters aren’t effective against outbound phishing attacks, spoofing attacks, domain impersonation, malware, and ransomware. You can use DMARC to protect your domain against these cybercrimes. Read more about DMARC vs anti-spam solutions.

How to Prevent Display Name Spoofing Emails?

You must educate yourself and your employees to see the red flags indicating illegitimate emails for display name spoofing prevention. Here’s what you should be wary of.

Suspicious Sender Address

Effectively prevent hackers from attempting email spoofing attacks in your company’s name by paying attention to the email address, especially the domain name. Also, cross-check email addresses from previously exchanged conversations. 

No SSL Certificate

SSL stands for Secure Sockets Layer, a code that secures online conversations. It holds information about the domain name, owner, associated sub-domains, etc. So, don’t click on the links starting with ‘http’ and not ‘https’. The ‘s’ indicates SSL protection. 

Websites without SSL certificate can be associated with fraudulent activities. You may use it for just reading some information, but entering details on them is a big no-no!

Unprofessional Content

Look out for grammar and spelling errors, unprofessional graphics, and poorly formatted emails because hackers don’t hire specialists to do such jobs. They even create a sense of urgency in the tone by using words like ‘within an hour, ‘without any delay,’ etc. to rush you through the content so that you don’t catch mistakes. 

Check the Links Before Clicking

Hover the cursor over link or hyperlinked text without clicking it and look at the bottom left corner of your screen. You’ll see the entire link. Click to open the webpage only if you’re sure. If you have accidentally clicked a phishing link, disconnect from the internet and run an antivirus scan.

Unusual Requests

If you’ve received a request to share crucial information like OTPs, passwords, social security numbers, financial details, etc., there’s a possibility that it’s a phishing link. Be careful of links directing you to login pages.

Educate Your Team Members

Train your team members on how to stop display name spoofing and other types of cyberattacks. Instruct them about red flags like unrecognized sender, unusual requests, a sense of urgency in the tone, unrequested attachments and links, etc. 

Smart Emailing is the Key

Online crimes using display name spoofing techniques are common and more prevalently targeted toward IT-driven businesses. Hackers send emails in the name of reputed companies, co-workers, friends, bosses, etc., to request sensitive details or money transfers. Even anti-spam filters can’t protect your domain against phishing and spoofing attacks. You can use email authentication protocols like SPF and DMARC to avert them. SPF or Sender Policy Framework uses a list of IP addresses authorized to send emails using your domain, while DMARC instructs recipients’ mailboxes on how to treat unauthorized emails coming from your domain. You can use one of the DMARC policy– none, reject, or quarantine.