This article contains information on Mimecast's Targeted Threat Protection - Impersonation Protect, which combats whaling attacks by analyzing sender domains, display names, email mismatches, and message content, with customizable actions and user notification options.
Targeted Threat Protection - Impersonation Protect tackles the increasing threat of socially engineered Whaling attacks. These threats aim to trick key employees into making fraudulent wire transfers or disclosing personal or corporate information through social engineering, email spoofing, and content spoofing.
Targeted Threat Protection - Impersonation Protect solves this by looking for combinations of key identifiers commonly found in these attacks. For example, Impersonation Protect checks:
-
-
- The similarity of the sender's domain to your internal domains.
- The sender's domain against a list of domains that have been seen sending traffic in the last week. This means it can include domains created at any time (e.g., those created but previously dormant).
- If the sender's display name (usually the first and last name) is the same as one of your internal user display names, excluding the recipient's internal username.
- If a mismatch has occurred between the sender's email address (both Header and Envelope) and the Reply To email address.
- The message content is against one of our Targeted Threat Dictionaries.
-
As an administrator, you can set the number of failed checks a message must fail before it is marked as suspicious. You can also specify whether to take no action, bounce the message, or hold the message.
You can also help users identify messages as coming from outside your organization, regardless of whether any identifiers are triggered. This takes the form of text that can be added to a message's body, subject, or header.
Comments
Please sign in to leave a comment.