The Internal Executive Spoofing feature provides protection against spear phishing attacks targeting individuals within your organization. Such emails may come from legitimate (non-spoofed) email addresses, thereby passing other spoofing checks, but use the display name of a known user (often an executive), with the intention of tricking employees into sending money or information.
To enable the internal executive spoofing check:
1. Select Apply internal executive spoofing check to these names.
2. Click the these names link to configure the list of executives and their approved email addresses:
   - Click Add, and enter a first name and last name (both fields are required). Various combinations of the name are protected (for example, “John Smith” as well as “Smith, John”).
   - Enter a list of approved email addresses for the executive, separated with a comma or a line break. This list should include any addresses the executive uses, including work or personal addresses.
   - Click Add to repeat the process for each executive whose name and addresses you wish to check. Click Save when finished.
3. Select an action to perform on messages detected as potentially spoofed.
The options are:
- Quarantine. This is the default option. Messages are kept in quarantine for up to 30 days.
- Discard. Spoofed messages are discarded.
- Tag subject with. The subject line of each spoofed message is tagged with a custom tag that you enter.
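
The logic of the check described above, sketched as an added Python example; it is not the product's implementation. The matching rule (order-independent name tokens), the `EXECUTIVES` table, the function names and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Constructed sample list: (first name, last name) -> approved addresses.
EXECUTIVES = {
    ("john", "smith"): {"john.smith@example.com", "jsmith@example.net"},
}

def name_tokens(display_name):
    """Reduce a display name to an order-independent set of lowercase tokens,
    so "John Smith" and "Smith, John" compare equal (assumed matching rule)."""
    cleaned = display_name.replace(",", " ").replace('"', " ")
    return frozenset(token.lower() for token in cleaned.split())

def check_from_header(from_header, executives=EXECUTIVES):
    """Classify a From header value.

    "spoofed":       display name matches a protected executive, but the
                     address is not on that executive's approved list.
    "approved":      display name matches and the address is approved.
    "not_protected": display name matches no configured executive.
    """
    display_name, address = parseaddr(from_header)
    tokens = name_tokens(display_name)
    for (first, last), approved in executives.items():
        if {first, last} <= tokens:
            if address.lower() in {a.lower() for a in approved}:
                return "approved"
            return "spoofed"
    return "not_protected"

# Constructed From headers, not taken from real traffic.
SAMPLES = [
    "John Smith <john.smith@example.com>",
    '"Smith, John" <ceo.office@mail.example.org>',
    "JOHN SMITH <JSmith@Example.net>",
    "Jane Doe <jane.doe@example.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_from_header(header):14} {header}")
```

The second sample is the case the feature targets: a legitimate, non-spoofed sending address that would pass other spoofing checks, paired with an executive's display name.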