User population & Impersonation Detection
This guide explains how Mesh leverages information from populated users to protect against spoofing attacks.
Note: Display name and username matching is just one component of our Impersonation Detection.
The below table explains the significance of using the VIP tag for employees that are most likely to be impersonated.
If utilizing Azure AD Sync, we automatically assign this tag to your most likely to be impersonated users such as C-suite, managers, finance, and other key roles commonly used in Business Email Compromise (BEC) attacks.
Sender display name | Role in Mesh | Result |
|---|---|---|
Joe Bloggs | DOESN'T EXIST | No display name match score applied. |
John Smith | USER | Display name match score applied. |
Sales Team | FUNCTIONAL ADDRESS | Display name match score applied. |
Lisa Simons | USER VIP | Greater display name match score applied. |
Note: Functional addresses (non-billable) trigger display name scoring and can be used to protect against attacks using a variation of an employee’s name - e.g., Jon Smith, instead of John Smith.