Display name deception is the most common form of email spoofing and is often successful because many email clients (especially on mobile devices) show only the display name. With this kind of attack, criminals can insert the identity of a trusted address masking the real email address in use. Since common consumer mailbox services, such as Gmail and Yahoo, allow a user to specify any value in the display name, this type of attack is simple and cheap to stage from such a service. For example:
- David Smith <[email protected]>
- [email protected] <[email protected]>
When an email is confirmed as dangerous by our Visible-IR (Incident Response) Team, the following banners may appear at the top of the email. In addition to this banner the email may be moved to either your Junk or Deleted email folder depending on the threat detected