Display name spoofing is an email-impersonation tactic where the attacker uses a familiar sender name even though the underlying email address is different. It matters because many users glance at the visible sender name long before they inspect the full address or authentication details.
What is Display Name Spoofing?
Attackers may use executive names, vendor contacts, or internal employee names to create urgency and trust. This tactic often appears in BEC and social-engineering campaigns even when domain authentication prevents more direct spoofing.
What Display Name Spoofing Commonly Supports
Common uses include phishing awareness, BEC defense, user-interface review, and mailbox monitoring.
Display Name Spoofing vs. Domain Spoofing
Display name spoofing abuses how sender names are shown to users. Domain spoofing more directly forges or imitates the underlying sending identity.
Frequently Asked Questions
Why is display name spoofing effective?
Because it targets human reading habits rather than only technical mail validation gaps.
Can DMARC stop it?
Not directly. DMARC focuses on domain-level authentication and policy, not deceptive names alone.
Related Cybersecurity Terms
