Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=email-impersonation-protection

Impersonation protection and VIP management

With the Impersonation protection and VIP management features, you can detect phishing emails that pretend to come from well-known brands or important people within your organization.

These options are only available with an Email Advanced license.

Impersonation protection

Impersonation protection looks for two types of impersonation:

  • Imitation of a well-known brand, often a financial organization or online shopping site.
  • Use of the names of important people in phishing emails. You can add names in VIP management.

Impersonation protection can flag emails as VIP impersonation, even without a specific VIP name match. If you encounter a false positive, you can send sample emails to SophosLabs for review. For more information, see Send samples of phishing, spam, or false-positive emails to SophosLabs.

The feature is turned on by default and controlled by Email Security policy settings. See Email Security policy.

This video provides an overview of Impersonation protection, including its function, its configuration, where to view detections, and more.

VIP management

You can enter up to 500 email addresses of very important people (VIPs) in your organization on the VIP management page. Emails are monitored for signs of impersonation of these addresses.

Go to My Products > General Settings > VIP management.

You can manually add email addresses with the Add VIP function.

The Help me find VIPs function searches a connected Active Directory (AD) service for high-risk users. The more information you’ve added to your AD entries (for example job titles), the better the results are. You then select users from the search results.