What is “friendly name spoofing”?
Friendly name **spoofing** manipulates the display name shown to recipients while using a different actual email address. The message appears as "John Smith CEO
This technique sidesteps domain authentication rather than breaking it. The actual sending domain (gmail.com) passes SPF and DKIM. DMARC doesn't help because it evaluates the domain of the sending address, and the display name is free text that none of these checks cover. Only the display name is spoofed.
Defense requires user awareness: checking actual email addresses, not just display names. Organizations can implement policies flagging messages with display names matching executives but addresses from external domains. Training helps users recognize this common deception.
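
The flagging policy described above can be sketched as a check on the From header. This is an added example, not code from the original page; the internal domain, the protected names and the sample headers are assumptions made up for illustration.

```python
import unicodedata
from email.header import decode_header, make_header
from email.utils import parseaddr

# Assumed for this example: your own mail domains and the names to protect.
INTERNAL_DOMAINS = {"example.com"}
PROTECTED_NAMES = ["John Smith", "Jane Doe"]


def name_tokens(name):
    """Casefold, strip accents and punctuation, return the set of words."""
    text = unicodedata.normalize("NFKD", name)
    text = "".join(c for c in text if not unicodedata.combining(c))
    spaced = "".join(c if c.isalnum() else " " for c in text.casefold())
    return set(spaced.split())


PROTECTED = [name_tokens(n) for n in PROTECTED_NAMES]


def is_friendly_name_spoof(from_header):
    """True when the display name contains a protected name but the
    address is outside the organization's own domains."""
    display, addr = parseaddr(from_header)
    # Decode RFC 2047 encoded words so "=?UTF-8?Q?...?=" names are compared too.
    display = str(make_header(decode_header(display)))
    domain = addr.rpartition("@")[2].lower()
    if not display or not domain or domain in INTERNAL_DOMAINS:
        return False
    tokens = name_tokens(display)
    # Subset match: word order and extras such as "CEO" do not matter.
    return any(protected <= tokens for protected in PROTECTED)


# Constructed sample From headers (not taken from real mail).
SAMPLES = [
    '"John Smith CEO" <jsmith.ceo@gmail.com>',
    '"Smith, John" <office4471@gmail.com>',
    "John Smith <john.smith@example.com>",
    "Alice Jones <alice@gmail.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(is_friendly_name_spoof(header), header)
```

A match is a reason to tag or quarantine the message for review, not proof of fraud: executives also write from personal accounts, and lookalike characters from other scripts are not folded by this normalization.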