
We receive fake emails from our own staff members, but it's not their address

You receive an email from an external source where the Sender name matches a person in your company, but the email address is not within your company. 

For example, John Smith works at Blue Widgets Inc and has the email address john.smith@bluewidgets.com

An email comes in where the sender shows 'John Smith' but the sender email is 'johnbobsquearepants1996@gmail.com' 

Unfortunately there are people in the world legitimately called 'John Smith' and they are not the same people as the ones in your company. This person has sent the email from their own address, and simply set their name as John Smith, and technically there is nothing wrong with that. 

John may also choose to call himself 'Bob Squarepants' in his name field, and use the same email address 'johnbobsquearepants1996@gmail.com' - again, there is nothing technically wrong with that.

Anyone who signs up for a yahoo/hotmail/gmail.com address today will likely end up with numbers or something non-identifiable in it, because the chance of getting yourname@gmail.com is very low. However, you can set the "From" name on that account to "Elon Musk" if you wish.

This is called an "Impersonation Attack" in cybersecurity. 

Impersonation is a common tactic in attacks like CEO fraud, business email compromise, and supply chain compromise. It's difficult to detect and prevent because it preys on the human element, unlike traditional cyberattacks, which are more technical in nature. The attacker will pick a target, research that target and find relationships, then develop content based on that relationship and use the name of that familiar person.
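The mismatch described above (a staff member's display name on an address outside the company domain) can be checked mechanically. The following Python is an added example, not part of the original article: the staff list, function names and sample headers are constructed for illustration, using the names and addresses from the article's example. A match is a prompt for a warning or review, not proof, since an outsider may genuinely share the name.

```python
import unicodedata
from email.header import decode_header, make_header
from email.utils import parseaddr

COMPANY_DOMAINS = {"bluewidgets.com"}   # domain from the article's example
STAFF_NAMES = {"John Smith"}            # constructed staff directory (assumption)


def normalise(name):
    """Casefold, drop accents and punctuation, sort tokens ('Smith, John' == 'john smith')."""
    text = unicodedata.normalize("NFKD", name)
    text = "".join(c for c in text if not unicodedata.combining(c))
    tokens = "".join(c if c.isalnum() else " " for c in text.casefold()).split()
    return " ".join(sorted(tokens))


STAFF_KEYS = {normalise(n) for n in STAFF_NAMES}


def classify_from(header_value):
    """Classify one From header as 'internal', 'external' or 'display-name-mismatch'.

    Only the name/address mismatch is checked; whether an internal-looking
    address is genuine is a separate question (SPF/DKIM/DMARC).
    """
    raw_name, address = parseaddr(header_value)
    # Decode RFC 2047 encoded-words after parsing, so a decoded name cannot alter the address.
    display = str(make_header(decode_header(raw_name))) if raw_name else ""
    domain = address.rpartition("@")[2].lower()
    if domain in COMPANY_DOMAINS:
        return "internal"
    if normalise(display) in STAFF_KEYS:
        return "display-name-mismatch"
    return "external"


# Constructed sample From headers, built from the article's example names.
SAMPLES = [
    "John Smith <john.smith@bluewidgets.com>",
    "John Smith <johnbobsquearepants1996@gmail.com>",
    '"Smith, John" <johnbobsquearepants1996@gmail.com>',
    "=?utf-8?q?John_Smith?= <johnbobsquearepants1996@gmail.com>",
    "Bob Squarepants <johnbobsquearepants1996@gmail.com>",
]


def flagged(headers):
    """Return the headers that pair a staff display name with an external address."""
    return [h for h in headers if classify_from(h) == "display-name-mismatch"]
```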

 

There are two common scenarios for this issue: 

 

1) A very plain email with no links or fancy design. 

Because this email is very plain and has no links, it isn't spam or phishing, so there are no rules we can put in place to stop it from happening in the future.

All we can do here is blacklist this email address (as a user, click the 'Mark as Spam' button), but that doesn't mean it won't happen again.

You may also block this address from your inbox by following the steps below. 

 

2) A fancy, well-designed email that copies your signature or company branding

In most cases, if the link goes to a known phishing site, it will be blocked by Google's filters before you notice it and before we have to do anything.

If that doesn't happen, we can look at this email for patterns such as links, and potentially set a rule to send it to spam, or block it altogether. 

 

And of course awareness and education on Cyber Resilience is a big part of fighting this. 
