Summary
Executive impersonation attacks (sometimes known as business email compromise scams) are one of the most common phishing threats that organizations are facing today. Attackers typically spoof the targeted organization's CEO or another high-level official in hopes that a lower-level employee will respond to their request. Below is an example of INKY’s CEO (Dave Bagget) being impersonated from an email address external to inky.com.
INKY’s VIP list provides administrators an easy approach to combat these simple, yet sophisticated attacks. The VIP list should contain the names and valid email addresses of top executives, commonly-spoofed employees, board members, and other important contacts.
When VIP spoofing checks are enabled, INKY will flag messages as a Spoofed VIP or Possible Spoofed VIP if it arrives from a sender whose display name matches one of the names on the list but does not match the email address associated with that name. Therefore, it is important to include all valid email addresses for each person in the list.
In order to minimize disruption in some cases, INKY will flag an email as Possible Spoofed VIP which results in a caution banner (yellow) as opposed to a danger banner (red). This is based on certain factors such as sender reputation and common industry email practices.
Note that sometimes it makes sense to include other current or former employees who are commonly spoofed by scammers, even if they're not really VIPs at your organization.
Configuring Your VIP List
Log in to your INKY Dashboard
Navigate to Settings > VIP List
2. Ensure the Enabled Spoofing Checks option is checked
3. You can add individual VIP entries, or bulk upload multiple entries at once using a CSV spreadsheet.
a. Manual Entry
i. Select Add New VIP
ii. Fill in the prompt to include the VIP’s first name, last name, and email address.
b. Bulk Entry
i. Create a new Excel file and input your entries in the format below. Ensure the top row includes last_name, first_name, email_address in columns A, B, and C respectively.
last_name, first_name, email_address Einstein, Albert, albert.einstein@example.com Einstein, Albert, einstein@webmail.com Goodall, Jane, janeg@example.com
The email address you specify will always bypass the spoofed VIP check as these are considered safe. We recommend adding the VIP’s work and personal email addresses (if applicable) to avoid false positives.
Creating Exceptions for Trusted VIPs
Email addresses entered into the VIP list are considered trusted and will bypass the Spoofed VIP check. To create an exception, simply add a new entry with the VIP’s name and their trusted email address. It’s common to have multiple entries for the same display name if that person has multiple external email addresses that they regularly use.
In this example, matt.smith@polvocapital.onmicrosoft.com and matt.smith@polvocapital.com will bypass Spoofed VIP checks if the sending display name is “Matt Smith”.