Forum Discussion

dgillespie-adf's avatar
dgillespie-adf
Brass Contributor
Aug 26, 2020

Block Display Name Spoof in EAC

I'm sure we are all dealing with a tremendous uptick in spam/spoof since Covid so what I am looking to do is combat the Display Name spoof.  The typical scenario is a bad actor sends from a gmail acc...
Microsoft 365 admin center
office 365
  • VasilMichev's avatar
    VasilMichev
    Aug 27, 2020

    You can try a mail flow rule, although there is no "display name" condition available, so you'll have to go with "header matches" or similar. 

Vaman-Kini's avatar
Vaman-Kini
Brass Contributor

dgillespie-adf   I have had success with the Impersonation policy under phishing wherein we tested with <Myname> myname@domain.com added to the list of users to protect and send an email from  <Myname> xyz@somedomain.com . The policy detected it to be impersonation. 

 

I wanted to test this safely with the Senior management email address and trying figure out a safe way to do that.  documentation is here 

mnoah's avatar
mnoah
Copper Contributor
Apr 09, 2024

Vaman-Kini that's great until the threat actor finds a variation of the employees name and uses that.  For example, on linked in an employee might have First Middle Last name.  But in MS only have First and Last. You cannot enter another entry to include the middle name as you will get an "Email already exists" for that email account you're trying to protect.

Resources