PowerDMARC, one of the leading DMARC solutions providers, has announced their newest Executive Advisory Board Member. Dr. Saqib Ali, Ph.D., an information systems expert, IT professional and business analyst is slated to join the company as an advisor in the month of May.

Dr. Saqib Ali is serving as the Head of the Information Systems Department at Sultan Qaboos University in Muscat, Oman, and for the last 12 years has held various distinguished positions such as the Director of the Information Systems Program and Associate Professor. He had previously held the roles of Associate Professor and Visiting Fellow at UNSW Canberra and La Trobe University, where he completed his Ph.D. in computer science.

“With Dr. Saqib Ali joining our Advisory Board, we hope to get a new perspective on our business models,” said Faisal Al Farsi, Co-Founder of PowerDMARC. “His work in academia and research is extensive, and I can’t wait to see what fresh thinking he can bring to the company. We’re all looking forward to working with him, a partnership that I’m sure will benefit both of us.”

Dr. Saqib Ali’s research and body of academic work at the Sultan Qaboos University has extended to publishing and participation in various leading conferences, seminars and workshops around the world. His experience in academic and empirical research is expected to help PowerDMARC expand on their current sphere of thought, giving them new, innovative strategies to approach ever more competitive international markets.

Email is often the first choice for a cybercriminal when they’re launching because it’s so easy to exploit. Unlike brute-force attacks which are heavy on processing power, or more sophisticated methods that require a high level of skill, domain spoofing can be as easy as writing an email pretending to be someone else. In a lot of cases, that ‘someone else’ is a major software service platform that people rely on to do their jobs.

Which is what happened between 15th and 30th April, 2020, when our security analysts at PowerDMARC discovered a new wave of phishing emails targeting leading insurance firms in the Middle East. This attack has been just one among many others in the recent increase of phishing and spoofing cases during the Covid-19 crisis. As early as February 2020, another major phishing scam went so far as to impersonate the World Health Organization, sending emails to thousands of people asking for donations for coronavirus relief.

In this recent series of incidents, users of Microsoft’s Office 365 service received what appeared to be routine update emails regarding the status of their user accounts. These emails came from their organizations’ own domains, requesting users to reset their passwords or click on links to view pending notifications.

We’ve compiled a list of some of the email titles we observed were being used:

*account details changed for users’ privacy

You can also view a sample of a mail header used in a spoofed email sent to an insurance firm:

Received: from [malicious_ip] (helo= malicious_domain)

id 1jK7RC-000uju-6x

for [email protected]; Thu, 02 Apr 2020 23:31:46 +0200

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;

Received: from [xxxx] (port=58502 helo=xxxxx)

by malicious_domain with esmtpsa (TLSv1.2:ECDHE-RSA-AES2  56-GCM-SHA384:256)

From: “Microsoft account team” 

To: [email protected]

Subject: Microsoft Office Notification for [email protected] on 4/1/2020 23:46

Date: 2 Apr 2020 22:31:45 +0100

Message-ID: <[email protected]>

MIME-Version: 1.0

Content-Type: text/html;

charset=”utf-8″

Content-Transfer-Encoding: quoted-printable

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname – malicious_domain

X-AntiAbuse: Original Domain – domain.com

X-AntiAbuse: Originator/Caller UID/GID – [47 12] / [47 12]

X-AntiAbuse: Sender Address Domain – domain.com

X-Get-Message-Sender-Via: malicious_domain: authenticated_id: [email protected]_domain

X-Authenticated-Sender: malicious_domain: [email protected]_domain

X-Source: 

X-Source-Args: 

X-Source-Dir: 

Received-SPF: fail ( domain of domain.com does not designate malicious_ip_address  as permitted sender) client-ip= malicious_ip_address  ; envelope-from=[email protected]; helo=malicious_domain;

X-SPF-Result: domain of domain.com does not designate malicious_ip_address  as permitted sender

X-Sender-Warning: Reverse DNS lookup failed for malicious_ip_address (failed)

X-DKIM-Status: none /  / domain.com /  /  / 

X-DKIM-Status: pass /  / malicious_domain / malicious_domain /  / default

 

Our Security Operation Center traced the email links to phishing URLs that targeted Microsoft Office 365 users. The URLs redirected to compromised sites at different locations around the world.

By simply looking at those email titles, it would be impossible to tell they were sent by someone spoofing your organization’s domain. We’re accustomed to a steady stream of work or account-related emails prompting us to sign into various online services just like Office 365. Domain spoofing takes advantage of that, making their fake, malicious emails indistinguishable from genuine ones. There’s virtually no way to know, without a thorough analysis of the email, whether it’s coming from a trusted source. And with dozens of emails coming in everyday, no one has the time to carefully scrutinize every one. The only solution would be to employ an authentication mechanism that would check all emails sent from your domain, and block only those that were sent by someone who sent it without authorization.

That authentication mechanism is called DMARC. And as one of the leading providers of email security solutions in the world, we at PowerDMARC have made it our mission to get you to understand the importance of protecting your organization’s domain. Not just for yourself, but for everyone who trusts and depends on you to deliver safe, reliable emails in their inbox, every single time.

You can read about the risks of spoofing here: https://powerdmarc.com/stop-email-spoofing/

Find out how you can protect your domain from spoofing and boost your brand here: https://powerdmarc.com/what-is-dmarc/

 

PowerDMARC, the Delaware-based email security provider, has joined hands with one of Australia’s premier information security companies. In a move that’s expected to bring awareness about email security into the mainstream, PowerDMARC’s partnership with CyberSecOn is projected to boost DMARC compliance rates in Australia and New Zealand.

“This is a huge opportunity,” said Faisal Al Farsi, Co-Founder of PowerDMARC, “not just for CyberSecOn and us, but for DMARC as a whole. We really want to see more and more companies take a stand against email phishing, and DMARC is how they can do it. CyberSecOn are as enthusiastic as we are about this, and we can’t wait to see what the future holds for us.”

CyberSecOn are headquartered in Melbourne, Australia, and have been providing security solutions to major names in both the enterprise and government sector. As active members of the Global Cyber Alliance, both companies have been pushing boundaries in the field of cybersecurity in their mutual mission to protect corporate and user data from being misused. This partnership is the latest in their endeavors to bridge the geographic gap so companies around the world can share and collaborate more freely.

“We’d like to think of this as a new page in the book of cybersecurity,” said Shankar Arjunan, Director of CyberSecOn. “This is a chance for us to write something we can all collectively be proud of. We’re incredibly excited to have them join us, and we hope this partnership is as effective for them as it is for us.”

 

Email phishing has evolved over the years from gamers sending prank emails to it becoming a highly lucrative activity for hackers across the world.

In fact, in the early to mid-’90s AOL experienced some of the first big email phishing attacks. Random credit card generators were used to steal user credentials which allowed hackers to gain wider access into AOL’s company-wide database.

These attacks were shut down as AOL upgraded their security systems to prevent further damage. This then led hackers to develop more sophisticated attacks using impersonation tactics which are still widely used today.

If we jump forward to today, the impersonation attacks most recently affecting both the White House and the WHO prove that any entity is at some point or another is vulnerable to email attacks.

According to Verizon’s 2019 Data Breach Investigation Report, approximately 32% of data breaches experienced in 2019 included email phishing and social engineering respectively.

With that in mind, we’re going to take a look at the different types of phishing attacks and why they pose a huge threat to your business today.

Let’s get started.

1. Email spoofing

Email spoofing attacks are when a hacker forges an email header and sender address to make it look like the email has come from someone they trust. The purpose of an attack like this is to coax the recipient into opening the mail and possibly even clicking on a link or beginning a dialogue with the attacker

These attacks rely heavily on social engineering techniques as opposed to using traditional hacking methods.

This may seem a rather unsophisticated or ‘low-tech’ approach to a cyberattack. In reality, though, they’re extremely effective at luring people through convincing emails sent to unsuspecting employees. Social engineering takes advantage not of the flaws in a system’s security infrastructure, but in the inevitability of human error.

Take a look:

In September 2019, Toyota lost $37 million to an email scam.

The hackers were able to spoof an email address and convince an employee with financial authority to alter account information for an electronic funds transfer.

Resulting in a massive loss to the company.

2. Business Email Compromise (BEC)

According to the FBI’s 2019 Internet Crime Report, BEC scams resulted in over $1.7 million and accounted for more than half cybercrime losses experienced in 2019.

BEC is when an attacker gains access to a business email account and is used to impersonate the owner of that account for the purposes of causing damage to a company and its employees.

This is because BEC is a very lucrative form of email attack, it produces high returns for attackers and which is why it remains a popular cyber threat.

A town in Colorado lost over $1 million to a BEC scam.

The attacker filled out a form on the local website where they requested a local construction company to receive electronic payments instead of receiving the usual checks for work they were currently doing in the town.

An employee accepted the form and updated the payment information and as a result sent over a million dollars to the attackers.

3. Vendor Email Compromise (VEC)

In September 2019, Nikkei Inc. Japan’s largest media organization lost $29 million.

An employee based in Nikkei’s American office transferred the money on instruction from the scammers who impersonated a Management Executive.

A VEC attack is a type of email scam that compromises employees at a vendor company. Such as our above example. And, of course, resulted in huge financial losses for the business.

What about DMARC?

Businesses the world over are increasing their cybersecurity budgets to limit the examples we’ve listed above. According to IDC global spending on security solutions is forecasted to reach $133.7 billion in 2022.

But the truth of the matter is that the uptake of email security solutions like DMARC is slow.

DMARC technology arrived on the scene in 2011 and is effective in preventing targeted BEC attacks, which as we know are a proven threat to businesses all over the world.

DMARC works with both SPF and DKIM which allows you to determine which actions should be taken against unauthenticated emails to protect the integrity of your domain.

READ: What is DMARC and why your business needs to get on board today?

Each of the above cases had something in common… Visibility.

This technology can reduce the impact email phishing activity can have on your business. Here’s how:

  • Increased visibility. DMARC technology sends reports to provide you with detailed insight into the email activity across your business. PowerDMARC uses a powerful Threat Intelligence engine that helps produce real-time alerts of spoofing attacks. This is coupled with full reporting, allowing your business greater insight into a user’s historical records.
  • Increased email security. You will be able to track your company’s emails for any spoofing and phishing threats. We believe the key to prevention is the ability to act quickly, therefore, PowerDMARC has 24/7 security ops centers in place. They have the ability to pull down domains abusing your email immediately, offering your business an increased level of security.
    The globe is in the throes of the COVID-19 pandemic, but this has only provided a widespread opportunity for hackers to take advantage of vulnerable security systems.

The recent impersonation attacks on both the White House and the WHO really highlight the need for greater use of DMARC technology.

 

In light of the COVID-19 pandemic and the rise in email phishing, we want to offer you 3 months FREE DMARC protection. Simply click the button below to get started right now 👇

 

 

In a first for the company, PowerDMARC has taken on a new strategic expert advisor who will support and guide the company in all future projects in data and email security, authentication, anti-spoofing measures, and DMARC compliance.Abbas PowerDMARC

PowerDMARC, one of the fastest-growing names in email authentication security and DMARC compliance, has announced its newest member who will be joining their Executive Advisory Board, a panel of experts in the fields of cybersecurity and data protection. Abbas Kudrati, Chief Cybersecurity Advisor at Microsoft APJ and an industry professor at Deakin University, will be lending his support to the young startup in all matters related to email security and DMARC compliance.

“It’s incredibly exciting to have someone with the level of expertise and experience of Mr. Kudrati on our Advisory Board,” said PowerDMARC Co-Founder Faisal Al Farsi. “We’re looking for guidance from the best minds in the industry. It’s an honor to have him on board.”

Abbas Kudrati brings with him over two decades’ worth of experience in supervisory and consulting positions at more than 10 different organizations around the globe, where he’s been involved in network security, technology risk services and cybersecurity. He’s also been a part-time professor and executive advisor at La Trobe and Deakin Universities for over two years, and an advisor with EC-Council ASEAN. Presently he’s serving as the Chief Cybersecurity Advisor for Microsoft APJ based in Melbourne, Australia.

In a time of economic slowdown and growing threats to cybersecurity, Kudrati is expected to help PowerDMARC gain a firm foothold in the industry while expanding into newer areas of email security. He will play an important role in advising the company plans for the future and product roadmap.