Email Impersonation Protection

PhishProtection Technology Protects Against Email Impersonation

The email impersonation challenge

Whether they’re called impersonation attacks, business email compromise, CEO fraud or whaling attacks, email impersonation attacks are typically designed to trick recipients into making fraudulent financial transactions by pretending to be from someone they’re not.

What makes these attacks so challenging is that many don’t use malicious URLs or malware attachments. Asking employees to defend against them is asking a lot. Realistically, email impersonation attacks can only be stopped with email anti-impersonation solutions and anti-phishing solutions.

Email impersonation attacks are prevalent and on the rise

According to KnowBe4, one in six users receives an email-based impersonation attack. According to ESRA, there has been an 80% increase in impersonation attacks over the last quarter (Q2, 2018). Email impersonation has become the preferred method for phishing attacks.

You may think you’re immune if you use a hosted solution like Office 365, but you’d be wrong. Using a hosted solution makes you more of a target not less. Of the impersonation attacks that were detected, 61% were against Office 365 users – making third party office 365 phishing protection solutions an essential requirement.

The two sources of email impersonation

Email impersonation can be accomplished two ways: domain name spoofing and display name spoofing. With domain name spoofing, attackers send an email from a domain that looks like the real domain but has some nearly imperceptible difference. This attack is effective because most email recipients don’t look very closely at the “from” email address.

With display name spoofing, attackers send an email from any domain, usually a free one, but replace the “display name” with the name of an associate or authorized signer on an account. This attack is effective because most email clients, especially mobile ones, only show the display name and not the from address. Rarely can employees be counted on to check the from email address.

There is technology to stop email impersonation

There is a solution that can prevent email impersonation attacks and offer a phishing prevention solution. It’s called DMARC (Domain-based Message Authentication, Reporting & Conformance) and unfortunately most companies have not deployed it. A research report from Farsight Security indicates that less one percent of all domains are authenticated and protected by DMARC.

A report from Agari also provides compelling evidence of the successes of DMARC adoption in protecting customers and brands, driving phishing rates near zero. However, “with DMARC enforcement at only 27% of those firms who have adopted DMARC, it also shows how few enterprises have put these proven controls in place.”


The right solution: DMARC + SPF + DKIM

DMARC, as part of a layered defense that includes Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM), is effective against email impersonation.


SPF specifies a list of authorized sending IP addresses for a given domain.


DKIM sends cryptographically signed messages. This ensures the messages weren’t altered in transit between the sending and receiving servers.


DMARC is built on top of DKIM and SPF. It lets users tell their ISPs how they want them to behave if SPF and DKIM fail or aren’t present.

If your company is not using DMARC with SPF + DKIM, you’re not taking full advantage of available technology to give your organization email impersonation protection.

Enterprise-class email protection without the enterprise price

For flexible per-user pricing, PhishProtection’s integrated email security solution protects your employees from business email compromise (BEC) and many other email threats. 24×7. On any device. With features you’d expect in more expensive solutions:

All Plans Come With

  • Stops business email compromise (BEC)
  • Stops brand forgery emails
  • Stop threatening emails before they reach the inbox
  • Continuous link checking
  • Real-time website scanning
  • Real time alerts to users and administrators
  • Protection with settings you control
  • Protection against zero day vulnerabilities
  • Complete situational awareness from web-based console