| Table of Contents | ||||
|---|---|---|---|---|
|
Summary
Executive impersonation attacks (sometimes known as business email compromise scams) are one of the most common phishing threats that organizations are facing today. Attackers typically spoof the targeted organization's CEO or another high-level official in hopes that a lower-level employee will respond to their request. Below is an example of INKY’s CEO (Dave Bagget) being impersonated from an email address external to inky.com.
...
| Info |
|---|
Note that sometimes it makes sense to include other current or former employees who are commonly spoofed by scammers, even if they're not really VIPs at your organization. |
Configuring Your VIP List
Log in to your INKY Dashboard
Navigate to Settings > VIP List
...
| Info |
|---|
The email address you specify will always bypass the spoofed VIP check as these are considered safe. We recommend adding the VIP’s work and personal email addresses (if applicable) to avoid false positives. |
Creating Exceptions for Trusted VIPs
Email addresses entered into the VIP list are considered trusted and will bypass the Spoofed VIP check. To create an exception, simply add a new entry with the VIP’s name and their trusted email address. It’s common to have multiple entries for the same display name if that person has multiple external email addresses that they regularly use.
...
In this example, matt.smith@polvocapital.onmicrosoft.com and matt.smith@polvocapital.com will bypass Spoofed VIP checks if the sending display name is “Matt Smith”.