Skip to main content
Skip table of contents

User population & Impersonation Detection

This guide explains how Mesh leverages information from populated users to protect against spoofing attacks.

Note: Display name and username matching is just one component of our Impersonation Detection.

The below table explains the significance of using the VIP tag for employees that are most likely to be impersonated.

If utilizing Azure AD Sync, we automatically assign this tag to your most likely to be impersonated users such as C-suite, managers, finance, and other key roles commonly used in Business Email Compromise (BEC) attacks.

Sender display name

Role in Mesh

Result

Joe Bloggs

DOESN'T EXIST

No display name match score applied.

John Smith

USER

Display name match score applied.

Sales Team

FUNCTIONAL ADDRESS

Display name match score applied.

Lisa Simons

USER VIP

Greater display name match score applied.

Note: Functional addresses (non-billable) trigger display name scoring and can be used to protect against attacks using a variation of an employee’s name - e.g., Jon Smith, instead of John Smith.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.