Executive Spoofing feature guide

This guide explains how to use the Executive Spoofing feature so Graphus will quarantine emails sent by hackers disguised as company executives.

How executive spoofing works

Executive spoofing occurs when a hacker sends a phishing email impersonating an organization's high ranking executive.

The Executive Spoofing setting allows you to specify the names of executives for whom Graphus will immediately quarantine such attacks. The setting is available on the organization's Settings > Executive Spoofing page. Enable the toggle and enter the executive's name as it would appear in an email sent by the executive. The feature is not case-sensitive and Graphus will quarantine incoming emails that are close to the name provided. Do not enter any email addresses.

After you press enter, the executive's name is added.

Continue to add the necessary executives. A drop-down list might be displayed from which you can select the applicable names. Be sure to Save your entries.

How executive spoofing identifies legitimate accounts

Graphus provides email security for an organization by creating a trust graph which is unique for the organization. Any legitimate sender interacting with the organization will have a trust rating in the graph. Graphus will use this trust rating to separate legitimate and known accounts from potential executive spoofing attacks.

The following scenarios demonstrate how the Executive Spoofing Prevention feature works.

Scenario 1: A hacker creates a new email address and tries to impersonate an executive by setting the executive name as the sender’s name. Since this email address has no trust rating in the trust graph and the executive name matches with the one configured in Graphus, the email will be auto-quarantined.

Scenario 2: The executive is using their personal email address to communicate with the organization. This email address will most likely be present as a trusted entry in the trust graph based on the executive’s previous interactions. Even though the executive's name has been entered in the Executive Spoofing Prevention setting, Graphus sees the executive as a trusted sender and therefore, this email will not be flagged by Graphus.

If Graphus is falsely quarantining a legitimate email address, the admin should unquarantine an email from this sender. This will increase the trust rating and prevent future quarantines.

	Need troubleshooting help? Open the Kaseya Helpdesk.
	Want to talk about it? Head on over to the Community!
	Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the Ideas forum!
	Provide feedback for the Documentation team.