impersonation email from the CEO

dexter.legwabe
Level 1

Good day,

We have an email sent to employees "from the CEO". The email is an impersonation email, and the business would like assistance with regard to the policies.

3 Replies

So there are a few ways to tackle this:

1. It's items like this that gave rise to marking mail as "External" on its way in... if it's external, it's NOT from the CEO.
2. If they've spoofed your domain, you can point your ESA at your own DMARC/DKIM/SPF, which ought to just toss it.
3. Content filters if they're using a "lookalike" domain, and for other keywords you know your CEO won't use (e.g. "Office of the CEO").
For domain lookalikes I use KnowBe4's free Domain Doppelganger tool. https://www.knowbe4.com/domain-doppelganger

I guess I am answered. We are only looking at the email address, not the names, for example Donald Trump <rtyba@gmail.com>, Cyril Ramaphosa <rtyba@gmail.com>. Presidents' names won't be taken as impersonation.

 

In this use case, you could also look at Forged Email Detection.

It's a content filter that uses a fuzzy match on the From header.
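
The display-name check discussed in the replies above (a fuzzy match on the From header, combined with the "is it external?" test), as an added Python example that is not part of the thread and is not Cisco's Forged Email Detection implementation. The executive name, domains and the 0.8 threshold are constructed assumptions.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed sample data (assumptions, not taken from the thread).
EXECUTIVES = ["Jane Example"]        # display names worth protecting
INTERNAL_DOMAINS = {"example.com"}   # domains the organisation really sends from


def normalise(name):
    """Lower-case and collapse punctuation/whitespace before comparing."""
    cleaned = "".join(c if c.isalnum() else " " for c in name.lower())
    return " ".join(cleaned.split())


def similarity(a, b):
    """Return a 0..1 fuzzy-match ratio between two display names."""
    return SequenceMatcher(None, normalise(a), normalise(b)).ratio()


def check_from(from_header, threshold=0.8):
    """Flag mail whose display name resembles an executive's but whose
    address is external. Returns (verdict, matched_name, score)."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    score, matched = max(
        ((similarity(display, e), e) for e in EXECUTIVES),
        default=(0.0, None),
    )
    score = round(score, 2)
    if score >= threshold and domain not in INTERNAL_DOMAINS:
        return ("quarantine", matched, score)
    # Mail claiming an internal domain is left to SPF/DKIM/DMARC
    # verification, which is a separate control from this name check.
    return ("deliver", None, score)


if __name__ == "__main__":
    for header in [
        "Jane Example <someone@freemail.example>",      # exact name, external
        '"Jane Exampl3" <ceo@mail.lookalike.example>',  # near-miss name
        "Jane Example <jane@example.com>",              # genuine internal
        "Bob Vendor <bob@vendor.example>",              # unrelated sender
    ]:
        print(header, "->", check_from(header))
```

The threshold trades false positives (employees who share a name with an executive writing from personal mail) against missed near-miss spellings, so tune it against real traffic before taking a quarantine action.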