Risk Management

October 18, 2024

Display Name Scams: How Scammers Manipulate Email Display Names to Deceive Recipients

Written By Dave of Securafy

One of the most common tactics scammers use to trick people into revealing sensitive information or making fraudulent payments is manipulating display names in emails. These display name scams often involve making an email appear as if it’s from a trusted contact, like a colleague, manager, or company, even though the actual email address behind the display name belongs to a scammer.

In this article, we’ll explain how display name scams work, common signs to watch out for, and how to protect yourself from falling victim to these deceitful schemes.

How Display Name Scams Work

When you receive an email, the display name is the name that appears in your inbox, typically showing who the email is from (e.g., “John Smith” or “Customer Service”). While this seems harmless, scammers exploit the fact that many people glance at the display name and assume the email is legitimate without verifying the actual email address.

In a display name scam, the attacker manipulates the display name to impersonate someone the recipient knows or trusts. The email address itself may be completely unrelated or a slight variation of a legitimate address, but the display name will look convincing enough to deceive the recipient. This scam is a form of email spoofing, where the scammer pretends to be someone else to trick the target.




Common Types of Display Name Scams

1. Business Email Compromise (BEC) Scams

In Business Email Compromise (BEC) scams, cybercriminals impersonate high-level executives or key employees within an organization, such as the CEO or CFO, using a manipulated display name. The scammer sends an email requesting urgent financial transactions, sensitive information, or even gift card purchases.

The display name makes it seem like the email is from someone with authority, leading employees to comply with the request without double-checking the actual email address.

Example:
The display name might show “Jane Doe (CEO),” but the email address could be something like janedoe.finance@fraudsite.com, making it clear that the email is fraudulent upon closer inspection.

2. Customer Service Impersonation

Scammers often impersonate well-known brands, such as Amazon, PayPal, or a bank, by manipulating the display name in phishing emails. These emails might claim there’s an issue with your account or order, prompting you to click on a link that leads to a fake website designed to steal your login credentials.

The email’s display name may say “Amazon Support” or “PayPal Customer Service,” but the email address may be a generic or random address that doesn’t belong to the company.

Example:
The display name reads “Amazon Support,” but the email address is support@random-email.com, which is clearly not associated with Amazon.

3. Vendor or Supplier Scams

Scammers impersonate trusted vendors or suppliers in order to intercept payments or steal sensitive business information. They manipulate the display name to match that of a legitimate supplier, sending fake invoices or asking for payment information.

These scams can cause significant financial losses if the fake invoice is paid before verifying the authenticity of the sender.

Example:
A company might receive an email from “ABC Supplies” (display name), but the email address is something like invoices@abc-fake-supplies.com instead of the legitimate vendor's address.

Red Flags of Display Name Scams

While these scams can be convincing, there are often telltale signs that can help you identify and avoid them:

1. Mismatched Email Addresses

One of the biggest red flags of a display name scam is when the display name looks familiar, but the email address doesn’t match the legitimate sender’s domain. For example, if you receive an email from “Amazon Customer Service,” but the domain isn’t @amazon.com, it’s likely a scam.

How to Check:
Always check the actual email address by hovering over the display name or clicking on it to reveal the full address. Be especially cautious if the email address is from a free service like Gmail, Yahoo, or Hotmail, which businesses typically don’t use for customer communication.
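The same check can be automated at a mail gateway or in a triage script. The sketch below is an added example, not Securafy's own tooling: it parses the From header, compares the display name against a small directory of protected names, and flags senders whose domain does not match. The directory entries, the `.example` domains, and the function names are assumptions made for illustration; only amazon.com comes from the article. It also flags a display name that itself contains an address on a different domain, which goes slightly beyond the cases described above.

```python
import re
from email.utils import parseaddr

# Constructed directory (assumption): protected display-name keywords mapped to
# the domains each sender legitimately uses. The .example domains are placeholders.
PROTECTED = {
    "amazon": {"amazon.com"},
    "jane doe": {"corp.example"},
    "abc supplies": {"abcsupplies.example"},
}
FREE_MAIL = {"gmail.com", "yahoo.com", "hotmail.com"}


def domain_allowed(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def check_from(header):
    """Return a list of findings for one From: header value."""
    name, addr = parseaddr(header)
    name_l = " ".join(name.lower().split())
    domain = addr.rpartition("@")[2].lower()
    if not domain:
        return ["unparseable sender address"]
    findings = []
    for keyword, allowed in PROTECTED.items():
        if keyword in name_l and not domain_allowed(domain, allowed):
            findings.append(f"display name claims '{keyword}' but domain is {domain}")
            if domain in FREE_MAIL:
                findings.append("protected name sent from free webmail")
    # A display name that embeds an address on another domain hides the real sender.
    embedded = re.search(r"@([\w.-]+)", name)
    if embedded and embedded.group(1).lower() != domain:
        findings.append("display name contains an address on a different domain")
    return findings


if __name__ == "__main__":
    # Constructed sample headers based on the article's examples.
    for h in ['"Jane Doe (CEO)" <janedoe.finance@fraudsite.com>',
              "Amazon Support <support@random-email.com>",
              "Amazon Support <no-reply@amazon.com>"]:
        print(h, "->", check_from(h) or "ok")
```

Keyword matching like this is only as good as the directory behind it, so it complements rather than replaces checking the address by eye.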

2. Unusual Requests

Another warning sign is when the email asks you to do something out of the ordinary, such as transferring money, purchasing gift cards, or sharing sensitive personal information. Legitimate companies and colleagues don’t usually make these kinds of requests through email, especially without prior communication.

How to Check:
Before taking any action, reach out to the sender via an official channel (like their direct phone number or known email address) to verify the request.

3. Urgent or Threatening Language

Scammers often use urgency or threats to pressure recipients into acting quickly without thinking. Phrases like “Your account will be deactivated” or “Immediate payment required” are often used to trigger panic and force quick action.

How to Check:
Legitimate companies rarely ask for immediate action or threaten you over email. If the email seems overly urgent or demanding, it’s likely a scam.




How to Protect Yourself from Display Name Scams

1. Always Verify the Sender

Before taking action on any email, especially if it seems urgent or unexpected, always verify the sender’s email address. Look beyond the display name to the actual email address to ensure it matches the sender’s organization. If there’s any doubt, contact the sender using another method to confirm they sent the email.

2. Enable Multi-Factor Authentication (MFA)

For added security, enable multi-factor authentication (MFA) on all accounts that offer it. Even if a scammer manages to get your login credentials through a display name scam, MFA requires a second form of authentication (such as a text message code) before they can access your account, providing an extra layer of protection.

3. Use Spam Filters

Most email services offer spam filters that can help identify and flag phishing attempts or fraudulent emails. Make sure your spam filters are enabled and configured to block suspicious or spoofed emails.

4. Educate Employees and Colleagues

If you’re part of an organization, ensure that employees are trained to recognize the signs of display name scams. Regularly remind them to verify email addresses before responding to any unusual requests or clicking on links in emails.

5. Implement a Payment Verification Process

For businesses, having a verification process in place for financial transactions can help prevent fraudulent payments. This process should require confirmation through an alternate communication method, such as a phone call, to verify that payment requests are legitimate.

Stay Vigilant Against Display Name Scams

Display name scams are becoming increasingly common, and their effectiveness lies in their ability to exploit trust. By manipulating the display names in emails, scammers trick recipients into believing they are communicating with someone they know or a company they trust. However, by learning how to spot the red flags and implementing best practices for verifying email communication, you can protect yourself and your organization from these scams.

At Securafy, we help businesses and individuals safeguard their email systems from phishing and spoofing attacks. If you’re looking for expert guidance on how to strengthen your email security, reach out to us today for personalized advice.

About The Author
Dave is your trusted source for practical risk management in the digital space. Specializing in network security and data backup, he enjoys experimenting with the latest security technologies. Dave’s blogs are packed with tips on regulatory compliance, risk assessments, and audit preparation, helping you stay secure and compliant in a fast-paced tech landscape.
