Forum Discussion
sumo83
Jun 24, 2024Iron Contributor
Display Name Spoofing very often recently - how to prevent it
Hi experts,
recently, I have noticed increase in emails that tries to impersonate sender (Display Name Spoofing). The Display name shows a real user from our organization, however the sender email/domain is totally different.
I thought I had the protection configured properly but looks like that is not the case :/. I have anti-phish policy with Impersonation as below:
- few critical users listed in "Enable users to protect"
- was going to enable it for all now, but there is no option like that, ..and it looks I need to manually add all internal users
- Enable domains to protect
- Include domains I own (does this include all domains I have registered in M365? See below). I would expect this will prevent these emails
- Include custom domains - I have nothing here, but I am not sure now whether my few domains created in M365 - including default domain, needs to be added here? As from what I know, the custom domains are the domains I create in M365.
Would like to check what is the proper way to configure protection against these email attacks.
We use M365 E3 + M365 E5 Security
- MatejKlemencicBrass Contributor
Hi sumo83,
Could you clarify what actions you've set for messages flagged as user impersonation? What's your phishing threshold value? Additionally, have you enabled mailbox intelligence and intelligence for impersonation protection?