It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Login Sign Up Contact & Support

United States – English (GMT-5)

Email Protection

Total Email Protection

Email Gateway Defense (Email Security)

Impersonation Protection (Sentinel)

Cloud Archiving Service

Security Awareness Training (PhishLine)

Email Security Gateway

Domain Fraud Protection

Incident Response

Message Archiver

WAF-as-a-Service

Web Application Firewall

Cloud Security Guardian

Load Balancer ADC

Vulnerability Manager

Vulnerability Remediation Service

WAF Control Center

Active DDoS Prevention

Reporting Server

CloudGen Firewall

CloudGen Access

Network Access Client

Firewall Insights

Web Security Gateway

Web Security Agent

Firewall Policy Manager

Cloud-to-Cloud Backup

RMM (Managed Workplace)

Managed Security Awareness Training (Managed Phishline)

Intronis Backup (ECHOplatform)

MSP Knowledge Base

Site Security Scanner

MSP – Partner Enablement

NextGen Firewall X

Server Backup (Yosemite)

Campus Help Center / Reference

Network Security

Support Services

Barracuda Essentials

Overview Documentation Materials

Email Protection

Total Email Protection

Email Gateway Defense (Email Security)

Impersonation Protection (Sentinel)

Cloud Archiving Service

Security Awareness Training (PhishLine)

Email Security Gateway

Domain Fraud Protection

Incident Response

Message Archiver

WAF-as-a-Service

Web Application Firewall

Cloud Security Guardian

Load Balancer ADC

Vulnerability Manager

Vulnerability Remediation Service

WAF Control Center

Active DDoS Prevention

Reporting Server

CloudGen Firewall

CloudGen Access

Network Access Client

Firewall Insights

Web Security Gateway

Web Security Agent

Firewall Policy Manager

Cloud-to-Cloud Backup

RMM (Managed Workplace)

Managed Security Awareness Training (Managed Phishline)

Intronis Backup (ECHOplatform)

MSP Knowledge Base

Site Security Scanner

MSP – Partner Enablement

NextGen Firewall X

Server Backup (Yosemite)

Campus Help Center / Reference

Network Security

Support Services

Login Sign Up Contact & Support

United States – English (GMT-5)

Attention

As of March 1, 2022, the legacy Barracuda Essentials Security, Compliance, and Complete editions are no longer available for purchase. Only existing customers can renew or add users to these plans.

Following October 30, 2022, the documentation and trainings will no longer be updated and will contain outdated information.

For more information on the latest Email Protection plans, see Barracuda Email Protection.

To update your bookmarks, see the following for the latest documentation and trainings:

Note that MSP customers should continue to follow Barracuda Essentials for MSPs.

How to Create a Content Policy to Prevent Employee Impersonation

Last updated on 2021-12-01 23:44:44

These instructions apply to customers not currently using Office 365. If you are using Office 365, contact your sales representative to discuss Barracuda Sentinel.

Employee impersonation is one of many sophisticated email threats organizations encounter. Employee impersonation attacks occur in many different ways, one of the most common being display name spoofing. Display name spoofing attacks attempt to deceive recipients by changing the display name of their email to impersonate an employee. These emails typically come from legitimate email accounts, such as Gmail or Yahoo, and do not contain any links or attachments. They are designed using social engineering.

To protect against these attacks, you should use a combination of gateway defenses with an API based inbox defense, which uses AI to analyze historical email information to stop sophisticated email threats from reaching your users’ inboxes, along with user awareness training. If you are unable to use inbox defense, you can create content policies at the gateway to block unwanted emails.

While content filtering is not foolproof, they do provide a greater level of control than that of unrestricted content.

To create a content policy:

Log into Barracuda Essentials and go to the Inbound Settings > Content Policies page.
Under Message Content Filter section, type in the name of the employee for the Pattern.
Select Block for the Action.
Select Sender for the Match.
Click Add.

For example, if you want to block display name spoofing attacks for your CEO "Hank Eckerson", your inbound content policy would be similar to this.

Note that these policies will block ALL inbound mail that contain that specific pattern. If an email is received from someone who has the same name, their mail will also be blocked. To allow an external email that has the same display name as a protected employee, you must create an IP or sender based exemption.

Previous Article Next Article