Forum Discussion

sumo83's avatar
sumo83
Iron Contributor
Jun 24, 2024

Display Name Spoofing very often recently - how to prevent it

Hi experts,

 

recently, I have noticed increase in emails that tries to impersonate sender  (Display Name Spoofing). The Display name shows a real user from our organization, however the sender email/domain is totally different. 

 

I thought I had the protection configured properly but looks like that is not the case :/. I have anti-phish policy with Impersonation as below:

  • few critical users listed in "Enable users to protect"
    • was going to enable it for all now, but there is no option like that, ..and it looks I need to manually add all internal users
  • Enable domains to protect
    • Include domains I own (does this include all domains I have registered in M365? See below). I would expect this will prevent these emails
    • Include custom domains - I have nothing here, but I am not sure now whether my few domains created in M365 - including default domain, needs to be added here? As from what I know, the custom domains are the domains I create in M365.

 

Would like to check what is the proper way to configure protection against these email attacks. 

 

We use M365 E3 + M365 E5 Security

  • Hi sumo83,

     

    Could you clarify what actions you've set for messages flagged as user impersonation? What's your phishing threshold value? Additionally, have you enabled mailbox intelligence and intelligence for impersonation protection?

     

Resources