Display name spoofing in emails

| 08 Aug 2020

Display name spoofing is a tactic used by phishers where the display name in email preview looks like it's coming from a known or credible source but has a altogether different mail id from unsolicited domains. According to GreatHorn, a  cloud-native security platform, "91% of phishing attacks are display name spoofs." 

The recent one and most common one being the mails impersonating RBI. More in the link here  . We often don't pay heed to the actual email address and tend to go by the display name and may end up opening the mail only to fall prey to fraudulent attacks.  Given how convenient it is to change the display name of mail accounts.

Only a minor change in mail preview(considering example of gmail here, but most have similar preview) can help in significantly lowering the number of people that click on these mails. It can be to include the email address of the sender right below the display name as shown in the image(gmail app view). This can help user verify the credibility of the source . For instance, if the mail is from a domain 'mydomain.com' and has an email id like <name@gmail.com> , it is clear that it's not from 'mydomain.com' and may or may not be fraudulent and user can decide further action based on this information.


You might also like