VIP Impersonation requires an exact name match

I have started to see slightly more sophisticated phishing attempts that are bypassing Sophos VIP Impersonation.

Instead of the classic From: "CEO Name" [ceoname@fakedomain.com] which gets blocked because "CEO Name" matches, we are now seeing:

From: "CEO Name <ceoname@legitdomain.com>" [ceoname@fakedomain.com]. This is not getting blocked because the Name Header contains more than just the Name, and adding the legit domain email makes it appear more legit to users.

Can VIP Impersonation be changed to search for Name Headers that include a name from the VIP list, rather than an exact match? Or perhaps provide a switch for clients that want to enable this?

Thanks for listening



Added tags
[edited by: Raphael Alganes at 2:53 AM (GMT -7) on 7 Jun 2023]
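
The containment check requested in the post, sketched as an added example for mail-filter authors; it is not part of the original post and not Sophos's implementation. `VIP_NAMES`, `TRUSTED_DOMAINS`, `normalize` and `vip_match` are hypothetical names, and the sample headers are constructed from the post's placeholders, with the sending address in angle brackets as it appears in a real `From` header.

```python
import re
import unicodedata
from email.utils import parseaddr

VIP_NAMES = ["CEO Name"]                # constructed VIP list
TRUSTED_DOMAINS = {"legitdomain.com"}   # constructed: the organisation's own domains

# Constructed sample From headers, modelled on the two forms in the post.
SAMPLES = [
    '"CEO Name" <ceoname@fakedomain.com>',
    '"CEO Name <ceoname@legitdomain.com>" <ceoname@fakedomain.com>',
    '"CEO Name" <ceoname@legitdomain.com>',
    '"Some Vendor" <billing@fakedomain.com>',
]


def normalize(text):
    """Fold case and Unicode forms, turn punctuation into spaces, collapse whitespace."""
    text = unicodedata.normalize("NFKC", text).casefold()
    return " ".join(re.sub(r"[^\w]+", " ", text).split())


def vip_match(from_header, vip_names=VIP_NAMES, trusted=TRUSTED_DOMAINS):
    """Return (vip, kind) with kind 'exact' or 'contains', or None if no VIP hit."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if not addr or domain in trusted:
        # Mail from the organisation's own domains is left to SPF/DKIM/DMARC.
        return None
    shown = normalize(display)
    for vip in vip_names:
        wanted = normalize(vip)
        if shown == wanted:
            return (vip, "exact")       # what an exact-match rule already catches
        # Whole-word containment: the VIP name appears somewhere in the display
        # name, even when it is padded with a look-alike address.
        if f" {wanted} " in f" {shown} ":
            return (vip, "contains")
    return None


if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{vip_match(header)!s:28} {header}")
```

The padding is only reported as `contains`, so a filter could apply a softer action (tag or quarantine) to that verdict than to `exact` if false positives on shared names are a concern.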