This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VIP Impersonation requires an exact name match

I have started to see slightly more sophisticated phishing attempts that are bypassing Sophos VIP Impersonation.

Instead of the classic From: "CEO Name" [ceoname@fakedomain.com] which gets blocked because "CEO Name" matches, we are now seeing:

From: "CEO Name <ceoname@legitdomain.com>" [ceoname@fakedomain.com].  This is not getting blocked because the Name Header contains more than just the Name, and adding the legit domain email makes it appear more legit to users.

Can VIP Impersonation be changed to search for Name Headers that include a name from the VIP list, rather than an exact match?  Or perhaps provide a switch for clients that want to enable this?

Thanks for listening Slight smile



This thread was automatically locked due to age.