Protecting against email impersonation in FortiMail


Email impersonation, or Business Email Compromise (BEC), is one of the main security problems facing many businesses today. Impersonators craft email headers to deceive the recipient into believing the message comes from a legitimate and trusted source.

If you have a Fortinet Enterprise Advanced Threat Protection (ATP) bundle license, FortiMail provides a solution to fight email impersonation by mapping the display names of high-value targets to their correct email addresses.

For example, if an external spammer wants to impersonate the CEO of your company (CEO@company.com), the spammer places “CEO ABC <ceo@external.com>” in the email header and sends the message to the user. If FortiMail is configured with a manual entry “CEO ABC” to “ceo@company.com” mapping in the impersonation profile to indicate the correct display name and email pair, or it has learned the pair through the dynamic process, then that email is detected by impersonation analysis.

This recipe guides you through the easy-to-follow process of creating and implementing an impersonation profile to better protect your network.

There are two types of mapping:

  • Manual: You manually enter mapping entries and create impersonation analysis profiles as described below, and then enable the impersonation profile in an antispam profile. Finally, you apply the antispam profile in the IP-based or recipient-based policies.
  • Dynamic: The FortiMail Mail Statistics Service can automatically learn the mapping.
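
The display name to address check described above can be sketched in a few lines. This is an added illustration, not FortiMail's own code or configuration: the names `MANUAL_MAP`, `normalize_name`, `build_index` and `check_from_header` are hypothetical, and the mapping reuses the page's example pair.

```python
import unicodedata
from email.header import decode_header, make_header
from email.utils import parseaddr

# Constructed mapping mirroring the page's example pair (not exported from FortiMail).
MANUAL_MAP = {"CEO ABC": {"ceo@company.com"}}

def normalize_name(name):
    """Fold case, Unicode compatibility forms and whitespace runs."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return " ".join(folded.split())

def build_index(mapping):
    """Index protected display names by their normalized form."""
    return {normalize_name(n): {a.lower() for a in addrs}
            for n, addrs in mapping.items()}

def check_from_header(from_header, index):
    """Classify one From header value: match, impersonation or not_protected."""
    display, addr = parseaddr(from_header)
    if display:
        # Decode RFC 2047 encoded-words so an encoded name cannot skip the lookup.
        display = str(make_header(decode_header(display)))
    key = normalize_name(display)
    if key not in index:
        return "not_protected"  # display name is not a protected one
    # Protected name: the address must be one of the mapped addresses.
    return "match" if addr.lower() in index[key] else "impersonation"

INDEX = build_index(MANUAL_MAP)

if __name__ == "__main__":
    # Constructed From header values for demonstration.
    samples = [
        "CEO ABC <ceo@company.com>",
        "CEO ABC <ceo@external.com>",
        '"ceo  abc" <ceo@external.com>',
        "=?utf-8?b?Q0VPIEFCQw==?= <ceo@external.com>",
        "Jane Doe <jane@external.com>",
    ]
    for value in samples:
        print(f"{check_from_header(value, INDEX):<14} {value}")
```

Normalizing the display name before the lookup matters because case changes, extra spaces or an encoded-word form of a protected name would otherwise pass an exact string comparison.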
