Email Security Test Domain

📧 Why did I receive an email from this domain?

This domain is part of the Net Reaction Small Business Security email configuration testing service.

Someone at your organization requested an Email Security Test, which sends a series of test emails to verify that your email provider is properly filtering malicious messages.

⚠ This is NOT spam or phishing

This test was explicitly requested by a user at your organization. The emails are safe and are designed to test your email security configuration.

🔍 What does this test check?

Test #6: Internal Brand Impersonation (BEC Attack Pattern)

This test checks whether your email provider detects when an external sender uses your company name - a hallmark of Business Email Compromise (BEC) attacks.

The test email used your company name (e.g., "Acme Corp IT Department") in the display name, but was sent from our external domain (mega-evil-corp.com).

What the attacker wants you to see:

What's actually happening:

🚨 If you received this email in your inbox:

Your email provider isn't detecting internal brand impersonation. This is a HIGH risk finding - BEC attacks using this technique cost businesses billions of dollars annually.

💰 Why This Matters

$2.9B
Lost to BEC attacks in 2023 (FBI IC3 Report)

Business Email Compromise is the most financially damaging form of cybercrime. Attackers impersonate executives, HR, IT, or vendors to trick employees into:

The display name trick is central to these attacks. When employees see "Acme Corp Accounting" they assume it's legitimate without checking the actual email address.

đŸ› ïž How to fix this

This is a high-priority finding. Here's how to add protection:

  1. For Microsoft 365: Enable Impersonation Protection. Go to Microsoft 365 Defender → Email & collaboration → Policies → Anti-phishing. Enable "Mailbox intelligence based impersonation protection" and add your domain to protected domains.
  2. For Microsoft 365: Add Protected Users. In the same anti-phishing policy, add executives, finance staff, and HR personnel to "Users to protect." This catches when external emails impersonate specific people.
  3. For Microsoft 365: Enable Safety Tips. Enable "Show first contact safety tip" to warn users when they receive email from someone for the first time.
  4. For Google Workspace. Go to Admin Console → Apps → Google Workspace → Gmail → Safety. Enable "Protect against inbound emails spoofing your domain" and "Protect against spoofing of employee names."
  5. Implement verification procedures. Require phone call verification for any email requesting wire transfers, sensitive data, or credential changes - even if the email appears to come from leadership.
  6. Add external email warnings. Tag all external emails with [EXTERNAL] in the subject or add a warning banner. This helps employees recognize when "Acme Corp IT" is actually coming from outside.
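
The check that impersonation protection and external tagging rely on, as an added example (not code from this testing service or from any mail provider): it flags mail whose display name contains the company name while the sending domain is external. The internal domain acmecorp.com, the brand token and the sample headers are assumptions constructed for illustration.

```python
import re
import unicodedata
from email import message_from_string, policy

# Assumed values for this sketch; replace with your own domains and brand names.
INTERNAL_DOMAINS = {"acmecorp.com"}
BRAND_TOKENS = {"acmecorp"}  # compared after stripping spaces and punctuation


def _squash(text):
    """Fold case and Unicode compatibility forms, then drop non-alphanumerics."""
    folded = unicodedata.normalize("NFKC", text).casefold()
    return re.sub(r"[^a-z0-9]", "", folded)


def _is_internal(domain):
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in INTERNAL_DOMAINS)


def classify_sender(raw_message):
    """Return 'internal', 'external', 'impersonation' or 'unparseable'."""
    msg = message_from_string(raw_message, policy=policy.default)
    header = msg["From"]
    if header is None or len(header.addresses) != 1:
        return "unparseable"  # missing, malformed or multi-author From
    sender = header.addresses[0]
    if not sender.domain:
        return "unparseable"
    if _is_internal(sender.domain):
        return "internal"
    # policy.default has already decoded RFC 2047 encoded-words in the name.
    name = _squash(sender.display_name)
    if any(token in name for token in BRAND_TOKENS):
        return "impersonation"
    return "external"


# Constructed sample headers (not captured from real mail).
SAMPLES = {
    "spoof": 'From: "Acme Corp IT Department" <helpdesk@mega-evil-corp.com>\n\nhi',
    "encoded": "From: =?utf-8?q?Acme-Corp_Accounting?= <ap@mega-evil-corp.com>\n\nhi",
    "real": 'From: "Acme Corp Accounting" <ap@mail.acmecorp.com>\n\nhi',
    "vendor": "From: Jane Vendor <jane@supplier.example>\n\nhi",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", classify_sender(raw))
```

NFKC folding does not map look-alike letters from other scripts to Latin ones, so a production filter also needs a confusables table.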

📚 How BEC Attacks Work

  1. Research phase. Attackers study your company via LinkedIn, website, and social media. They learn org structure, executive names, and communication patterns.
  2. Setup. They create lookalike domains (acme-corp.com vs acmecorp.com) or just use display name spoofing from any domain.
  3. The attack email. "Hi Sarah, I'm in a meeting and need you to process an urgent wire transfer. Can you handle this? I'll explain later. Thanks, [CEO Name]"
  4. Urgency and authority. Attackers create pressure ("urgent," "confidential," "I'm traveling") and leverage authority (appearing to come from leadership) to bypass normal verification.
  5. The loss. Average BEC loss is over $125,000. Many businesses never recover the funds.