2021 has been quite an eventful year when it comes to email security and authentication. From major ransomware attacks that ended up costing businesses billions of dollars to COVID-19 vaccination phishing lures in the form of fake emails, security professionals had a lot to deal with.

Today we are looking back at the major email security attacks of 2021, talking about what the future holds, and sharing some handy tips on tackling threats in 2022.

Major email security attacks in 2021

1. Direct-domain spoofing

Spoofing attacks continue to rise as we progress into 2022, with attackers impersonating brands including but not limited to well-known industry names like DHL, Microsoft, and Amazon.

2. Phishing attacks

The FBI’s Internet Crime Complaint Center received more complaints about phishing than about any other type of attack in 2021.

3. Ransomware

Using phishing as the most common attack vector, several systems were affected by malware and ransomware files this year.

4. Man-in-the-middle attacks

SMTP email security loopholes are easily exploited by Man-in-the-middle attackers to intercept and eavesdrop on email communications.

How to build cyber resilience against these attacks?

Deploying SPF, DKIM, and DMARC

DMARC can help you minimize phishing and spoofing attacks. It also acts as the first line of defense against ransomware. Other benefits of DMARC include improved email deliverability, reduced spam complaints, and a boost to your domain’s reputation.

BIMI

If your client’s ESP supports BIMI, it is a good idea to deploy it today. BIMI helps your customers visually identify you in their inbox even before they get around to opening the message.

MTA-STS

MTA-STS is an effective solution against MITM attacks, helping secure your emails in transit and overcome SMTP security issues.

What to expect in 2022?

  • With various organized internet crime groups resurfacing in recent times with upgraded tactics, it wouldn’t be a surprise to anyone if the intensity and frequency of email-based attacks increase even further in 2022.
  • Brand impersonations and ransomware attacks will continue to surge as cybercriminals exploit remote working environments. To make situations worse, the cost associated with these attacks is predicted to also rise in the following year.

Final Thoughts

Security experts recommend that organizations take email security more seriously in the years to come, due to the alarming increase in cyberattacks. A popular myth that security professionals are now debunking is that only MNCs and enterprise-level companies need DMARC. This, of course, is not true as in the past year almost 50% of the organizations that were hit by internet attacks were in fact startups and small businesses. 

Another important thing to consider while implementing security standards is that a relaxed policy for your protocols will provide your domain with very little to zero protection.

While social engineering attacks continue to evolve and become more complex and harder to detect, companies should evolve with them. Email authentication protocols, while no silver bullet, definitely reduce the chances of falling prey to email-based attacks and strengthen the overall email security posture at your organization. They also provide deeper insight into attacks and vulnerabilities, reducing incident response time.

Business Email Compromise (BEC), ransomware attacks, and social engineering attacks like domain spoofing continue to be reasons for the majority of cyber insurance claims since 2020. As per reports by a renowned US-based cyber insurance firm, a significant percentage (more than 50%) of the insurance claims made by their customers within the first half of 2021 were as a result of being hit by BEC and social engineering attacks.

Furthermore, the costs associated with these attacks are continuing to rise as employees are settling down into their remote working environments. To address these concerns, cyber insurance firms are including email authentication protocols such as a DMARC setup, SPF, and DKIM, as a part of their customers’ cyber insurance package to deal with the costs associated with BEC and reduce business risk. Cyber insurance companies strongly recommend the implementation of anti-spoofing technologies like DMARC and multi-factor authentication for businesses of all sizes.

Need help with generating your DMARC record? Generate DMARC record instantly using our free tool.

What is Cyber Insurance?

Cyber attacks such as large-scale data breaches, BEC, spoofing, and ransomware, which has recently become the talk of the town, cost global businesses a hefty sum every year: we are talking billions! To cover the costs associated with these attacks, insurance firms offer their customers cyber insurance. In the form of financial aid, this cyber insurance package helps its customers recover from the financial hit of a major attack incident.

Cyber insurance is something that can come in handy for any online business, be it a startup or an enterprise. It covers a part of the cost associated with a variety of cyberattacks, including but not limited to BEC, phishing, ransomware, and malware, which the insured company can claim from its insurer.


Why should DMARC be an active part of your Cyber Insurance plan?

Cyber insurance firms are proactively partnering up with DMARC software service providers to offer their customers effective solutions for dealing with email compromise. This is because DMARC makes use of technology that is designed to minimize BEC, helping email receiving servers reject malicious messages before they even land in the inbox.

It is important to understand that cyberspace is constantly evolving. It isn’t a static universe that can be tamed by using one software solution to meet all needs. A “one size fits all” method will not be able to withstand the constant change in email fraud tactics deployed by cybercriminals. Hence emerging technologies like DMARC can offer a certain degree of security against many, if not all, of these domain impersonation threats.

Email Security Vulnerabilities: the driving force behind most cyber insurance claims

Cyber insurance and security experts have statistically analyzed how email security vulnerabilities remain the driving force behind most of their customers’ cyber insurance claims. Such vulnerabilities include incorrectly or poorly configured email authentication protocols, or the lack of them altogether. The primary reason for this is that most people don’t have a clear understanding of the protocols and how to leverage them to maximize their domain’s security.

PowerDMARC simplifies the DMARC, SPF, DKIM implementation processes for organizations. Our managed security services are a complete solution for organizations in need of assistance with their email authentication deployment, management, and configuration. You can start your journey towards safer email, and reduce business email compromise today by signing up for a free DMARC analyzer.

In the world of email authentication, we come across commonly used terms like SPF and DKIM. While both SPF and DKIM are email authentication protocols, they work in different ways to ultimately protect your email from spam and impersonation. But can you set up DKIM without SPF? The answer is yes, you can. As independent protocols, they do not rely on one another for their functionality and either can be implemented without the other being set up for the same domain.

In this article, we would analyze in-depth how DKIM and SPF work so you can select which protocol suits you best, and also provide our expert recommendations at the end. Let’s get started!

What is SPF and how does it protect your emails?

SPF (Sender Policy Framework) allows you to specify which mail servers are permitted to send an email on behalf of your domain or subdomain. An SPF record is a type of DNS record used to validate an email sender’s domain name and to specify which hosts are authorized to send emails on behalf of the domain.

SPF was designed to prevent unauthorized users from sending outbound mail from a domain other than their own, often referred to as “spoofing.” In addition, if an organization sends mail for the same domain from multiple mail servers, an SPF record tells recipient email systems which of those servers are permitted to do so. It is one of the most widely used email authentication methods, deployed by novices and aficionados alike.
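As an added example (not code from the article or from PowerDMARC), the Python script below evaluates an SPF record the way a receiving server does: it walks the mechanisms, follows include: and redirect= through a constructed in-memory DNS so it runs offline, and counts the DNS-querying terms against SPF’s limit of 10, beyond which the record is a permerror (the reason “SPF flattening”, mentioned later on this page, exists). All domains, IP ranges and records are made up; a/mx/ptr/exists are counted but never matched because they would need live DNS.

```python
import ipaddress

# Constructed zone data standing in for live TXT lookups (not any real domain's records).
DNS_TXT = {
    "example.com": "v=spf1 include:_spf.mailer.example include:partner.example ip4:192.0.2.0/24 -all",
    "_spf.mailer.example": "v=spf1 ip4:198.51.100.0/24 ip6:2001:db8::/32 ~all",
    "partner.example": "v=spf1 redirect=_spf.partner.example",
    "_spf.partner.example": "v=spf1 ip4:203.0.113.10 -all",
    # A record that includes 11 vendors: one more DNS lookup than SPF allows.
    "bloated.example": "v=spf1 " + " ".join(f"include:vendor{i}.example" for i in range(11)) + " -all",
}
DNS_TXT.update({f"vendor{i}.example": "v=spf1 ip4:203.0.113.0/24 -all" for i in range(11)})

MAX_LOOKUPS = 10                                        # RFC 7208, section 4.6.4
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(domain, sender_ip, dns=DNS_TXT, _lookups=None):
    """Evaluate domain's SPF record for sender_ip. Returns (result, dns_lookups_used)."""
    _lookups = [0] if _lookups is None else _lookups   # counter shared across include/redirect recursion
    record = dns.get(domain.lower())
    if record is None or not record.lower().startswith("v=spf1"):
        return "none", _lookups[0]
    ip, redirect = ipaddress.ip_address(sender_ip), None
    for term in record.split()[1:]:
        qualifier, term = (term[0], term[1:]) if term[0] in "+-~?" else ("+", term)
        name, _, arg = term.lower().partition("=" if "=" in term else ":")
        if name in LOOKUP_TERMS:
            _lookups[0] += 1
            if _lookups[0] > MAX_LOOKUPS:               # over the limit: the whole record is unusable
                return "permerror", _lookups[0]
        if name == "redirect":
            redirect = arg                              # only consulted if no mechanism matches
            continue
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            matched = check_spf(arg, sender_ip, dns, _lookups)[0] == "pass"
        else:
            matched = False                             # a/mx/ptr/exists need live DNS: counted, never matched here
        if matched:
            return QUALIFIER_RESULT[qualifier], _lookups[0]
    if redirect:
        return check_spf(redirect, sender_ip, dns, _lookups)
    return "neutral", _lookups[0]

def flatten(domain, dns=DNS_TXT):
    """Collect the ip4:/ip6: terms reachable through include/redirect, i.e. what a flattened record publishes.
    Caveat: this discards the included records' own ~all/-all and must be regenerated whenever a vendor changes."""
    terms = []
    for term in dns.get(domain.lower(), "").split()[1:]:
        t = term.lstrip("+-~?")
        if t.startswith(("ip4:", "ip6:")):
            terms.append(t)
        elif t.startswith(("include:", "redirect=")):
            terms += flatten(t.split(":" if t.startswith("include:") else "=", 1)[1], dns)
    return terms

if __name__ == "__main__":
    for ip in ("192.0.2.5", "198.51.100.7", "203.0.113.11"):
        print(ip, check_spf("example.com", ip))
    print("bloated.example:", check_spf("bloated.example", "192.0.2.1"), "| flattened:", flatten("example.com"))
```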

What is DKIM and how does it protect your emails?

DomainKeys Identified Mail (DKIM) is an email authentication method that proves an email was authorized by the owner of that domain. This is done by giving the email a digital signature, using a cryptographic algorithm and key.

Using DKIM, your server will sign all outgoing messages, including email marketing campaigns. This allows recipients of your email to verify your identity so they can trust that your messages were not altered in any way. When you sign a message using DKIM, you use your private key to sign the value of a hash function computed over the email’s header and body. The private key used for signing can only be accessed by authorized senders.
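An added illustration (not from the article) of the body-hash half of what a DKIM verifier checks: the receiver canonicalizes the body exactly as the signer did, hashes it with SHA-256 and compares the result with the bh= tag of the DKIM-Signature header, so any change in transit is detected while harmless whitespace reflow is tolerated. It covers only the bh= computation with “relaxed” canonicalization; the b= signature over the headers needs an RSA or Ed25519 library that Python’s standard library does not provide, and the message bodies are constructed.

```python
import base64, hashlib, hmac, re

def relaxed_body(body: str) -> bytes:
    """RFC 6376 section 3.4.4 'relaxed' body canonicalization: collapse runs of spaces/tabs to one
    space, drop trailing whitespace on each line, drop trailing empty lines, end with CRLF."""
    lines = [re.sub(r"[ \t]+", " ", ln).rstrip(" \t") for ln in body.replace("\r\n", "\n").split("\n")]
    while lines and lines[-1] == "":
        lines.pop()
    return ("\r\n".join(lines) + "\r\n").encode() if lines else b""

def body_hash(body: str) -> str:
    """The bh= tag value the signer writes into DKIM-Signature (a=rsa-sha256, c=relaxed/relaxed)."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def body_unmodified(received_body: str, bh_tag: str) -> bool:
    """Verifier side: recompute bh= over the received body and compare it with the signed value."""
    return hmac.compare_digest(body_hash(received_body), bh_tag)

# Constructed message body as the signer saw it.
SENT = "Hello  team,\r\n\r\nPlease   review the\tattached report. \r\n\r\n\r\n"
# What a forwarder might do: re-wrap whitespace and add a trailing blank line. Relaxed
# canonicalization tolerates this, so the signature survives forwarding.
REFLOWED = "Hello team,\r\n\r\nPlease review the attached report.\r\n\r\n\r\n\r\n"
# A content change of the kind DKIM exists to catch.
ALTERED = "Hello  team,\r\n\r\nPlease   review the\tattached invoice. \r\n\r\n\r\n"

if __name__ == "__main__":
    bh = body_hash(SENT)
    print("bh=", bh)
    print("reflowed verifies:", body_unmodified(REFLOWED, bh))   # True
    print("altered verifies: ", body_unmodified(ALTERED, bh))    # False
```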

How to set up DKIM without SPF & configure DMARC for my domain?

Well, no. You can implement DMARC even if you have only SPF or only DKIM set up for your domain. This is because for your emails to pass DMARC, either DKIM or SPF needs to pass with alignment, not both. Hence, configuring either of the two protocols is enough for you to start with your DMARC deployment endeavor.

However, if your question is whether DMARC implementation is a necessary step when you have already set up DKIM or SPF for your domains, the answer is yes. With DMARC you can control the way your recipients respond to fake emails that appear to be coming from your domain, thereby saving your company’s reputation and credibility and also your clients from falling prey to phishing attacks. Neither DKIM nor SPF alone can protect organizations from social engineering attacks like spoofing, you need DMARC for that.

Generate DMARC record now for free to stop spoofing!

What do the experts recommend?

To gain 100% DMARC compliance, we recommend that you align your emails against both DKIM and SPF authentication protocols instead of just one. In certain exceptional cases such as mailing lists and forwarded emails, due to the involvement of intermediary servers, SPF inevitably fails for those emails. If your mailing system is solely dependent on SPF for authentication, legitimate emails may get lost in transit and fail delivery in the aforementioned cases. Hence, having both protocols in place is always a safer option to ensure smoother deliverability and an additional layer of email security.
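As an added example (not code from the article or from PowerDMARC), the following Python script implements the receiver-side DMARC decision described in the last two sections: parse the domain’s DMARC record, test whether the SPF and DKIM results align with the visible From domain, pass if either one aligns, and apply p= when neither does. The constructed scenarios include the forwarding case, where SPF fails but an aligned DKIM signature still carries the message, and a domain that relies on SPF alone; the organizational-domain rule is simplified (no Public Suffix List) and all domains and results are made up.

```python
from dataclasses import dataclass

def parse_dmarc(record: str) -> dict:
    """Parse a DMARC TXT record ('v=DMARC1; p=...; adkim=...; aspf=...') into a tag dict with defaults."""
    tags = {"p": "none", "adkim": "r", "aspf": "r"}        # defaults per RFC 7489
    for part in record.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def org_domain(domain: str) -> str:
    # Simplified organizational domain (last two labels); real receivers consult the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Identifier alignment: 's' (strict) needs an exact match, 'r' (relaxed) the same organizational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

@dataclass
class AuthResults:
    from_domain: str   # domain in the From: header the user sees
    spf_result: str    # "pass" / "fail" / "none"
    spf_domain: str    # envelope (MAIL FROM) domain that SPF was checked against
    dkim_result: str   # "pass" / "fail" / "none"
    dkim_domain: str   # d= of the DKIM signature, "" if unsigned

def dmarc_evaluate(r: AuthResults, record: str) -> dict:
    """Receiver-side DMARC decision: pass if SPF or DKIM passed AND aligns with the From domain."""
    tags = parse_dmarc(record)
    spf_ok = r.spf_result == "pass" and aligned(r.spf_domain, r.from_domain, tags["aspf"])
    dkim_ok = r.dkim_result == "pass" and aligned(r.dkim_domain, r.from_domain, tags["adkim"])
    passed = spf_ok or dkim_ok                                   # one aligned pass is enough
    action = "deliver" if passed else {"reject": "reject", "quarantine": "quarantine"}.get(tags["p"], "deliver")
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc": "pass" if passed else "fail", "action": action}

# Constructed scenarios for example.com (not real data).
ENFORCING = "v=DMARC1; p=reject; adkim=r; aspf=r; rua=mailto:dmarc-reports@example.com"
MONITOR_ONLY = "v=DMARC1; p=none"
DIRECT = AuthResults("example.com", "pass", "example.com", "pass", "example.com")
FORWARDED = AuthResults("example.com", "fail", "example.com", "pass", "example.com")      # forwarder's IP is not in our SPF
FORWARDED_SPF_ONLY = AuthResults("example.com", "fail", "example.com", "none", "")        # domain never deployed DKIM
UNALIGNED = AuthResults("example.com", "pass", "other.example", "pass", "other.example")  # From: says example.com, auth is for another domain

if __name__ == "__main__":
    for name, res in [("direct", DIRECT), ("forwarded", FORWARDED),
                      ("forwarded, SPF only", FORWARDED_SPF_ONLY), ("unaligned", UNALIGNED)]:
        print(f"{name:>20}: {dmarc_evaluate(res, ENFORCING)}")
    print("same unaligned message under p=none:", dmarc_evaluate(UNALIGNED, MONITOR_ONLY)["action"])
```

The last line shows why a relaxed policy gives little protection: with p=none the unaligned message is still delivered and only reported.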

Want to try out DMARC for yourself? Get a free DMARC trial for your domains now with a simple sign-up!

Are you aware of the recent email phishing tactics cybercriminals have been using to lure in victims? Yes, that’s right, it has everything to do with the newly discovered COVID-19 Omicron variant that is sweeping through the world currently.

It has been 2 years since the COVID-19 global pandemic took the world by storm, and since then businesses have been learning to adapt to the change. Email communications, which were once an afterthought, have now become the basis of daily life. A recent survey estimated that the number of email users worldwide has reached 4.3 billion in 2022. This means evolved phishing tactics and email scams, and a greater risk of business email compromise.

How are cybercriminals phishing users in 2022?

Throughout the ongoing global pandemic, ever since it first broke out, scammers haven’t rested. They have been constantly coming up with new and evolved tactics to lure in victims more easily and effectively. This time around, as soon as news broke about the newly found Omicron-variant that has been making its way around the world and spreading like wildfire, scammers wasted no time in using it as a phishing tool.

Attackers are impersonating governmental and public-health services organizations such as the NHS, to send out fake emails offering victims a free Omicron PCR test. These emails are carefully crafted to look and feel genuine, providing victims with apparently useful information that makes the message believable, thereby making the phishing lure more effective! Thousands of Gmail users and UK citizens have reported various such attempted attacks, the frequency of which is only rising.

By clicking on the phishing link at the end of the email, users are redirected to a spoofed landing page. This page appears very similar to the original website of a well-known public-health service organization. Here victims are asked for personal information like their name, email address, mobile number, address, and date of birth, along with a test kit delivery charge. On occasion, sensitive information has also been demanded that may allow attackers to bypass security gateways on banking websites and strip victims of their money.

Preventing Phishing in 2022: Here’s what you should know!

It is important to note that no public-health service or governmental health service organization is currently providing PCR tests for Omicron. Hence any email claiming the same is a fake email aimed at tricking you.

Moreover, never submit sensitive information that can be used against you on a website unless you are 100% sure of its legitimacy.

How to become more proactive regarding phishing?

The healthcare sector continues to be one of the most impersonated sectors as we progress into 2022. CISA has recommended DMARC as an effective measure and a healthy practice for organizations that want to take proactive initiatives against email fraud attacks. To break the myth that this protocol is hard to implement, you can now generate a DMARC record instantly with our tool!

DMARC is a protocol that helps authenticate your emails by aligning them with SPF and/or DKIM, giving domain owners the opportunity to block phishing emails from reaching their customers and employees. DMARC reporting is a technique internal to the protocol itself, that provides domain owners with a wealth of information regarding attempted cyber attacks, failed email deliveries, and other issues pertaining to their emails. It is an all-in-one solution that is the answer to all your email security concerns.

If you’re a healthcare organization looking for a reliable DMARC software solution to prevent scammers from impersonating your domain, create a DMARC record today! If you want to try it out without spending a dime, here’s how you get free DMARC for your domains.

While you are adding domains on Microsoft Exchange Online, you might come across the following error message: “No DKIM keys saved for this domain”, while finding no option to enable DKIM keys for the domains.

This is a common hindrance faced by Microsoft Exchange Online users. However, it can be easily resolved using Windows PowerShell.

What is DKIM?

DKIM stands for DomainKeys Identified Mail, a method by which an organization can assert responsibility for a message in a way that can be validated by the recipient. The digital signature works similarly to the process used to verify the digital signatures in signed email or on web forms, with the exception that the digital signature is added to every message sent by the DKIM-enabled mail system, instead of just one message.

It poses several benefits, including a reduction in identity spoofing e.g., spam and phishing. This allows the receiver to be able to confirm that the message is genuine. When a message that is sent by, or on behalf of, your organization has been authenticated, that message provides assurance to the recipient that the content was not altered in transit.

Steps to enable DKIM using Windows PowerShell on Microsoft 365 Exchange Online

  • Open Windows PowerShell and select “Run as administrator”.

  • In the Windows PowerShell command prompt window, run the following four commands in order:

1. $UserCredential = Get-Credential

A dialog box will appear asking for your user name and password. Make sure that you sign in to PowerShell with your Office 365 administrator credentials.

2. $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

[Note: the -ConnectionUri value above is the Exchange Online remote PowerShell endpoint; the original command omitted it. Microsoft has since retired Basic authentication for this type of remote session, so on a current tenant install the ExchangeOnlineManagement module and replace steps 1 to 3 with Connect-ExchangeOnline.]

3. Import-PSSession $Session -DisableNameChecking

4. New-DkimSigningConfig -DomainName "yourdomain.com" -Enabled $true

[Note: Please remember to replace "yourdomain.com" with your own domain name since this is just an example domain for the sake of this article.]

Fixing the “No DKIM keys saved for this domain” error

  • Now if you log back into your Exchange Online Admin Portal, you should be able to see the option to enable DKIM for your domain.

5. Finally, after you have enabled your DKIM keys, run the last command to end your PowerShell session:

Remove-PSSession $Session

Why do you need to enable DKIM for your Office 365 domains?

DKIM uses public-key cryptography to bind a piece of text to an authorized sender by adding a signature to email headers and other message components. The signature is verified against the sender’s published public key when the message is received, and the sender is then held accountable for their published email identity on the Internet. It is an essential protocol to ensure the safe and unaltered delivery of your messages. Microsoft recommends that you enable DKIM for enhanced email security for your domains registered on their portal.

Hope this article helped you resolve the “No DKIM keys saved for this domain” prompt on Microsoft 365 Exchange Online. If you want to learn more about how to configure DKIM on Office 365, you can go through our Office 365 DKIM guide.

To stop spoofing attacks on your domain, get daily reports on office 365 DKIM authentication results by configuring our DMARC report analyzer today!

Impersonation attacks like phishing and spoofing can dramatically impact the health of your domain and lead to authentication failures, email compromise, and much more! This is why you need to improve your defenses against them, starting today. There are various methods you can deploy to ensure that your emails are adequately protected against phishing and spoofing attacks. Let’s discuss what they are!

Email Authentication Protocols to prevent impersonation attacks

  1. Sender Policy Framework (SPF)
    A good way to start out is by deploying SPF. Sender Policy Framework, which is published in the DNS of your domain name, certifies that the IP address used to send an email has the right to do so. It prevents fraudulent use of your domain name and stops third parties from pretending to be you. The SPF protocol is particularly effective against phishing and spoofing attacks because those attacks rely on the absence of such a check. If a message claims to come from a mail server whose IP address cannot be attributed to your domain, receiving mail systems will, in general, check twice before delivering it; in this way mail from servers that do not respect SPF is successfully ignored. To put it simply, the “SPF Protocol” allows the owner of a domain (for example [email protected]) to publish an authorization in its DNS.

  2. DomainKeys Identified Mail (DKIM)
    DomainKeys Identified Mail, or DKIM, is an email authentication system that uses digital signatures to verify the source and contents of a message. It is a set of cryptographic techniques for verifying the source and contents of email messages in order to reduce spam, phishing, and other forms of malicious email. Specifically, the sending system signs each message with a private key that only the authorized sender holds, and recipients check that signature against the public key published in the sender’s DNS, ensuring that email cannot be “spoofed,” or falsely represented by impostors. It also allows a recipient to detect any changes made to a message after it has been sent; if the organization responsible for validating these signatures finds that the content no longer matches the signature, it can simply reject the message as false and notify its sender.

  3. Domain-based Message Authentication, Reporting, and Conformance (DMARC)
    DMARC exists for several reasons. First, DMARC provides you with a way to tell mail servers which messages are legitimate and which ones are not. Second, DMARC provides you with reports of how well protected your domain is from attacks. Third, DMARC helps protect your brand from being associated with messages that could harm your reputation. DMARC provides more protection against phishing and spoofing by verifying that an email message really originated from the domain it claims to have come from. DMARC also enables your organization to request reports from receiving servers about the messages that claim to come from your domain. These reports can help you investigate possible security issues and identify possible threats, such as malware infection or phishing attacks targeting your organization.

How can PowerDMARC help you protect your domain against phishing and spoofing attacks?

PowerDMARC’s email security authentication suite not only helps you with the seamless onboarding of your SPF, DKIM, and DMARC protocols but provides many more additional benefits including:

  • SPF flattening to ensure that your SPF record stays valid and under the SPF hard limit of 10 lookups
  • BIMI for visual identification of your business emails. BIMI ensures that the emails reaching your clients contain your brand logo that can be spotted by them even before they open the message
  • MTA-STS to encrypt your emails in transit

To enjoy free DMARC, you need only sign up and create a PowerDMARC account without any additional costs. Start your email authentication journey with us for a safer email experience!