
Email serves as a critical channel for B2B lead generation and customer communications, but it is also one of the most widely targeted channels for cyberattacks. Cybercriminals are always innovating their attacks in order to steal more information and financial assets. As organizations continue to fight back with stronger security measures, cybercriminals must constantly evolve their tactics and improve their phishing and spoofing techniques. In 2021, security researchers from around the world detected a drastic increase in machine learning (ML) and artificial intelligence (AI) based phishing attacks that go undetected by traditional email security solutions. The main aim of these attacks is to manipulate human behaviour and trick people into performing unauthorized actions, like transferring money to fraudsters’ accounts.

The threat of email-based attacks and email fraud is always evolving, so don’t stay behind. Know the email fraud trends that will take place in the following years in terms of fraudster tactics, tools, and malware. Through this blog post I’ll show you how cybercriminals are developing their tactics, and explain how your business can prevent this kind of email attack from taking place.

Types Of Email Fraud Scams to Beware of in 2021

1. Business Email Compromise (BEC)

COVID-19 has compelled organizations to implement remote-working environments and shift to virtual communication between employees, partners and customers. While this has a few benefits, the most apparent downside is the alarming rise in BEC over the past year. BEC is a broad term for email-based cyber attacks like email spoofing and phishing. The common idea is that a cyber attacker uses your domain name to send emails to your partners, customers or employees, trying to steal corporate credentials to gain access to confidential assets or initiate wire transfers. BEC has affected more than 70% of organizations over the past year and has led to the loss of billions of dollars worth of company assets.

2. Evolved Email Phishing Attacks

Email phishing attacks have drastically evolved in the past few years, although the motive has remained the same: to manipulate your trusted partners, employees and clients into clicking on malicious links in an email that appears to be sent from you, in order to initiate installation of malware or credential theft. Evolved email scammers are sending phishing emails that are hard to detect. From writing impeccable subject lines and error-free content to creating fake landing pages with a high level of accuracy, they have made manually tracing their activities increasingly difficult in 2021.

3. Man-In-The-Middle

Gone are the days when attackers sent out poorly-written emails that even a layman could identify as fraudulent. Threat actors these days are taking advantage of SMTP security problems like the use of opportunistic encryption in email transactions between two communicating email servers, by eavesdropping on the conversation after successfully rolling back the secured connection to an unencrypted one. MITM attacks like SMTP downgrade and DNS spoofing have been increasingly gaining popularity in 2021.

4. CEO Fraud

CEO fraud refers to schemes that target high-level executives in order to gain access to confidential information. Attackers do this by assuming the identities of actual people such as CEOs or CFOs and sending a message to people at lower levels within the organization, partners and clients, tricking them into giving away sensitive information. This type of attack is also called Business Email Compromise or whaling. In a business setting, some criminals create a more believable email by impersonating the decision-makers of an organization. This allows them to ask for easy money transfers or sensitive information about the company.

5. COVID-19 Vaccine Lures

Security researchers have unveiled that hackers are still trying to capitalize on the fears tied to the COVID-19 pandemic. Recent studies shed light on the cybercriminal mindset, revealing a continued interest in the state of panic surrounding the COVID-19 pandemic and a measurable uptick in phishing and business email compromise (BEC) attacks targeting company leaders. The medium for perpetrating these attacks is a fake COVID-19 vaccine lure that instantly raises interest among email receivers.

How Can You Enhance Email Security?

  • Configure your domain with email authentication standards like SPF, DKIM and DMARC
  • Shift from DMARC monitoring to DMARC enforcement to gain maximum protection against BEC, CEO fraud and evolved phishing attacks
  • Monitor email flow and authentication results on a regular basis
  • Make encryption mandatory in SMTP with MTA-STS to mitigate MITM attacks
  • Get regular notifications on email delivery issues with details on their root causes with SMTP TLS reporting (TLS-RPT)
  • Mitigate SPF permerror by staying under the 10 DNS lookup limit at all times
  • Help your recipients visually identify your brand in their inboxes with BIMI

PowerDMARC is your single email authentication SaaS platform that assembles all email authentication protocols like SPF, DKIM, MTA-STS, TLS-RPT and BIMI on a single pane of glass. Sign up today to get your free DMARC analyzer!

Business Email Compromise is an ever-evolving and rampant form of cybercrime that uses email as the medium to conduct fraud. Targeting commercial, government as well as non-profit organizations, BEC can lead to huge amounts of data loss, security breaches and compromised financial assets. It is a common misconception that cybercriminals usually focus on MNCs and enterprise-level organizations. SMEs these days are just as much a target of email fraud as the larger industry players.

How Can BEC Affect Organizations?

Examples of BEC include sophisticated social engineering attacks like phishing, CEO fraud, fake invoices, and email spoofing, to name a few. It can also be termed an impersonation attack, wherein an attacker aims to defraud a company by posing as people in positions of authority. Impersonating people like the CFO or CEO, a business partner or anyone you would blindly place your trust in is what drives the success of these attacks.

February of 2021 captured the activities of Russian cyber gang Cosmic Lynx, as they took a sophisticated approach towards BEC. The group had already been linked to conducting over 200 BEC campaigns since July 2019, targeting over 46 countries worldwide, focusing on giant MNCs that have a global presence. With extremely well-written phishing emails, they are making it impossible for people to differentiate between real and fake messages.

Remote-working has made video conferencing applications indispensable entities, post-pandemic. Cybercriminals are taking advantage of this situation by sending fraudulent emails that impersonate a notification from the video conferencing platform, Zoom. This is aimed at stealing login credentials to conduct massive company data breaches.

It is clear that the relevance of BEC is rapidly increasing, with threat actors coming up with more sophisticated and innovative ways to get away with fraud. BEC affects more than 70% of organizations worldwide and leads to the loss of billions of dollars every year. This is why industry experts are coming up with email authentication protocols like DMARC, to offer a high level of protection against impersonation.

What is Email Authentication?

Email authentication can be referred to as a bevy of techniques deployed to provide verifiable information about the origin of emails. This is done by authenticating the domain ownership of the mail transfer agent(s) involved in the message transfer.

Simple Mail Transfer Protocol (SMTP), which is the industry standard for email transfer, has no built-in feature for message authentication. This makes it exceedingly easy for cybercriminals to exploit the lack of security and launch email phishing and domain spoofing attacks. This highlights the need for effective email authentication protocols like DMARC that actually deliver on their claims!

Steps to Prevent BEC with DMARC

 

Step 1: Implementation 

The first step to fighting BEC is actually configuring DMARC for your domain. Domain-based Message Authentication, Reporting and Conformance (DMARC) makes use of SPF and DKIM authentication standards to validate emails sent from your domain. It specifies to receiving servers how to respond to emails that fail either or both of these authentication checks, giving the domain owner control over the receiver’s response. Hence, to implement DMARC you would need to:

  • Identify all valid email sources authorized for your domain
  • Publish SPF record in your DNS to configure SPF for your domain
  • Publish DKIM record in your DNS to configure DKIM for your domain
  • Publish DMARC record in your DNS to configure DMARC for your domain

In order to avoid complexities you can use PowerDMARC’s free tools (free SPF record generator, free DKIM record generator, free DMARC record generator) to instantly generate records with the correct syntax to publish in your domain’s DNS.

Step 2: Enforcement 

Your DMARC policy can be set to:

  • p=none (DMARC at monitoring only; messages failing authentication would still be delivered)
  • p=quarantine (DMARC at enforcement; messages failing authentication would be quarantined)
  • p=reject (DMARC at maximum enforcement; messages failing authentication would not be delivered at all)

We recommend that you start using DMARC with a monitoring-only policy, so that you can keep tabs on the email flow and delivery issues. However, such a policy wouldn’t provide any protection against BEC. This is why you would eventually need to shift to DMARC enforcement. PowerDMARC helps you seamlessly shift from monitoring to enforcement in no time with a policy of p=reject, which tells receiving servers that an email sent from a malicious source using your domain should not be delivered to your recipient’s inbox at all.

Step 3: Monitoring and Reporting 

You have set your DMARC policy at enforcement and have successfully minimized BEC, but is that enough? The answer is no. You still need an extensive and effective reporting mechanism to monitor email flow and respond to any delivery issues. PowerDMARC’s multi-tenant SaaS platform helps you:

  • stay in control of your domain
  • visually monitor authentication results for every email, user and domain registered for you
  • take down abusive IP addresses that try impersonating your brand

DMARC reports are available on the PowerDMARC dashboard in two major formats:

  • DMARC aggregate reports (available in 7 different views)
  • DMARC forensic reports (with encryption for enhanced privacy)

A culmination of DMARC implementation, enforcement and reporting helps you drastically reduce the chances of falling prey to BEC scams and impersonation. 

With Anti-Spam Filters Do I Still Need DMARC?

Yes! DMARC works very differently from your ordinary anti-spam filters and email security gateways. While these solutions usually come integrated with your cloud-based email exchanger services, they can only offer protection against inbound phishing attempts. Messages sent from your domain still remain under the threat of impersonation. This is where DMARC steps in.

Additional Tips for Enhanced Email Security

 

Always Stay under the 10 DNS Lookup Limit 

Exceeding the SPF 10 lookup limit can completely invalidate your SPF record and cause even legitimate emails to fail authentication. In such cases if you have your DMARC set to reject, authentic emails will fail to get delivered. PowerSPF is your automatic and dynamic SPF record flattener that mitigates SPF permerror by helping you stay under the SPF hard limit. It auto updates netblocks and scans for changes made by your email service providers to their IP addresses constantly, without any intervention from your side.
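To see how nested include mechanisms push a record past the limit, this added example (not from the original post and not PowerSPF's code) counts the DNS-querying terms an SPF evaluation can reach in the worst case. The zone contents, domain names and function names are constructed for illustration; a real check would fetch the TXT records from DNS.

```python
"""Worst-case count of DNS-querying SPF terms, including nested includes."""
import re

SPF_LOOKUP_LIMIT = 10
# Mechanisms that cause a DNS query during evaluation (RFC 7208, section 4.6.4).
# The redirect modifier also counts; all, ip4, ip6 and exp do not.
QUERYING_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}

# Constructed sample zone: domain -> published SPF TXT record.
ZONE = {
    "example.com": "v=spf1 mx a include:_spf.mailer.example "
                   "include:_spf.crm.example ip4:192.0.2.0/24 ~all",
    "_spf.mailer.example": "v=spf1 include:_a.mailer.example "
                           "include:_b.mailer.example include:_c.mailer.example ~all",
    "_a.mailer.example": "v=spf1 ip4:198.51.100.0/26 ~all",
    "_b.mailer.example": "v=spf1 ip4:198.51.100.64/26 ~all",
    "_c.mailer.example": "v=spf1 ip4:198.51.100.128/26 ~all",
    "_spf.crm.example": "v=spf1 a mx exists:%{i}.bl.crm.example "
                        "include:_spf.helpdesk.example ~all",
    "_spf.helpdesk.example": "v=spf1 mx a ~all",
    # The same senders expressed as literal netblocks ("flattened").
    "flat.example.com": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.0/24 "
                        "ip4:203.0.113.0/24 ~all",
}


def count_lookups(domain, zone, path=()):
    """Count querying terms reachable from `domain`, following include/redirect."""
    if domain in path:
        raise ValueError(f"include loop at {domain}")
    record = zone.get(domain)
    if record is None or not record.lower().startswith("v=spf1"):
        return 0  # nothing to recurse into; the query itself was counted by the caller
    total = 0
    for term in record.split()[1:]:
        # Drop the qualifier (+ - ~ ?) and split the name from its argument.
        parts = re.split(r"[:=/]", term.lstrip("+-~?"), maxsplit=1)
        name = parts[0].lower()
        if name in QUERYING_MECHANISMS or name == "redirect":
            total += 1
        if name in ("include", "redirect") and len(parts) == 2:
            total += count_lookups(parts[1].lower(), zone, path + (domain,))
    return total


def within_limit(domain, zone):
    """Return (lookups, ok); ok is False when evaluation can hit permerror."""
    lookups = count_lookups(domain, zone)
    return lookups, lookups <= SPF_LOOKUP_LIMIT


if __name__ == "__main__":
    for name in ("example.com", "flat.example.com"):
        lookups, ok = within_limit(name, ZONE)
        print(f"{name}: {lookups} lookups -> {'ok' if ok else 'permerror risk'}")
```

The top-level record lists only four querying terms, yet the count reaches 13 once the providers' own includes are followed, which is why the limit is usually exceeded without anyone editing the domain's record.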

Ensure TLS Encryption of Emails in Transit

While DMARC can protect you from social engineering attacks and BEC, you still need to gear up against pervasive monitoring attacks like Man-in-the-middle (MITM). This can be done by ensuring that a connection secured over TLS is negotiated between SMTP servers every time an email is sent to your domain. PowerDMARC’s hosted MTA-STS makes TLS encryption mandatory in SMTP and comes with an easy implementation procedure.

Get Reports on Issues in Email Delivery

You can also enable SMTP TLS reporting to get diagnostic reports on email delivery issues after configuring MTA-STS for your domain. TLS-RPT helps you gain visibility into your email ecosystem, and better respond to issues in negotiating a secured connection leading to delivery failures. TLS reports are available in two views (aggregate reports per result and per sending source) on the PowerDMARC dashboard.

Amplify Your Brand Recall with BIMI 

With BIMI (Brand Indicators for Message Identification) you can take your brand recall to a whole new level by helping your recipients visually identify you in their inboxes. BIMI works by attaching your unique brand logo to every email you send out from your domain. PowerDMARC makes BIMI implementation easy with just 3 simple steps on the user’s part.

PowerDMARC is your one-stop destination for an array of email authentication protocols including DMARC, SPF, DKIM, BIMI, MTA-STS, and TLS-RPT. Sign up today to get your free DMARC Analyzer trial!

Business Email Compromise or BEC is a form of email security breach or impersonation attack that affects commercial, government, non-profit organizations, small businesses and startups as well as MNCs and enterprises to extract confidential data that can negatively influence the brand or organization. Spear phishing attacks, invoice scams and spoofing attacks are all examples of BEC.

Cybercriminals are expert schemers who intentionally target specific people within an organization, especially those in positions of authority like the CEO or someone similar, or even a trusted customer. The worldwide financial impact due to BEC is huge, especially in the US which has emerged as the prime hub. The solution? Switch to DMARC!

What is DMARC?

Domain-based Message Authentication, Reporting and Conformance (DMARC) is an industry standard for email authentication. This authentication mechanism specifies to receiving servers how to respond to emails failing SPF and DKIM authentication checks. DMARC can minimize the chances of your brand falling prey to BEC attacks by a substantial percentage, and help protect your brand’s reputation, confidential information and financial assets.

Note that before publishing a DMARC record, you need to implement SPF and DKIM for your domain since DMARC authentication makes use of these two standard authentication protocols for validating messages sent on behalf of your domain.

You can use our free SPF Record Generator and DKIM Record Generator to generate records to be published in your domain’s DNS.

How to Optimize Your DMARC Record to Protect Against BEC?

In order to protect your domain against Business Email Compromise, as well as enable an extensive reporting mechanism to monitor authentication results and gain complete visibility into your email ecosystem, we recommend that you publish the following DMARC record syntax in your domain’s DNS:

v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1;

Understanding the tags used while generating a DMARC Record:

v (mandatory) This mechanism specifies the version of the protocol.

p (mandatory) This mechanism specifies the DMARC policy in use. You can set your DMARC policy to:

p=none (DMARC at monitoring only wherein emails failing authentication checks would still land into receivers’ inboxes).

p=quarantine (DMARC at enforcement, wherein emails failing authentication checks will be quarantined or lodged into the spam folder).

p=reject (DMARC at maximum enforcement, wherein emails failing authentication checks will be discarded or not delivered at all).

For authentication novices, it is recommended to start out with your policy at monitoring only (p=none) and then slowly shift to enforcement. However, for the purpose of this blog if you want to safeguard your domain against BEC, p=reject is the recommended policy for you to ensure maximum protection.

sp (optional) This tag specifies the subdomains policy which can be set to sp=none/quarantine/reject requesting a policy for all subdomains wherein emails are failing DMARC authentication.

This tag is only useful if you desire to set a different policy for your main domain and subdomains. If not specified the same policy will be levied upon all your subdomains by default.

adkim (optional) This mechanism specifies the DKIM identifier alignment mode which can be set to s (strict) or r (relaxed).

Strict alignment specifies that the d=field in the DKIM signature of the email header must align and match exactly with the domain found in the from header.

However, for Relaxed alignment the two domains must share the same organizational domain only.

aspf (optional) This mechanism specifies the SPF identifier alignment mode which can be set to s (strict) or r (relaxed).

Strict alignment specifies that the domain in the “Return-path” header must align and match exactly with the domain found in the from header.

However, for Relaxed alignment the two domains must share the same organizational domain only.

rua (optional but recommended) This tag specifies the DMARC aggregate reports that are sent to the address specified after the mailto: field, providing insight on emails passing and failing DMARC.

ruf (optional but recommended) This tag specifies the DMARC forensic reports that are to be sent to the address specified after the mailto: field. Forensic reports are message-level reports that provide more detailed information on authentication failures. Since these reports may contain email content, encrypting them is the best practice.

pct (optional) This tag specifies the percentage of emails to which the DMARC policy is applicable. The default value is set to 100.

fo (optional but recommended) The forensic options for your DMARC record can be set to:

->DKIM and SPF don’t pass or align (0)

->DKIM or SPF don’t pass or align (1)

->DKIM doesn’t pass or align (d)

->SPF doesn’t pass or align (s)

The recommended mode is fo=1 specifying that forensic reports are to be generated and sent to your domain whenever emails fail either DKIM or SPF authentication checks.

You can generate your DMARC record with PowerDMARC’s free DMARC Record Generator wherein you can select the fields according to the level of enforcement you desire.

Note that only an enforcement policy of reject can minimize BEC, and protect your domain from spoofing and phishing attacks.
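As an added example (not code from the original post or from PowerDMARC), the Python below parses a DMARC record, fills in the defaults a receiver assumes for omitted tags, and lists the settings that weaken the policy described in the tag list above and in the enforcement step earlier. The function names, finding codes and example.com report addresses are constructed for illustration.

```python
"""Parse a DMARC TXT record, apply defaults, and list weak settings."""

POLICIES = ("none", "quarantine", "reject")  # ordered weakest to strongest
# Values a receiver assumes when a tag is absent (RFC 7489, section 6.3).
DEFAULTS = {"adkim": "r", "aspf": "r", "pct": "100", "fo": "0"}

# Constructed sample records; the report addresses are placeholders.
RECOMMENDED = ("v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; "
               "ruf=mailto:dmarc-forensics@example.com; fo=1;")
MONITORING = "v=DMARC1; p=none"
HALF_ENFORCED = "v=DMARC1; p=reject; sp=none; pct=50; rua=mailto:dmarc-reports@example.com"


def parse_dmarc(record):
    """Return the record's tags as a dict, rejecting malformed records."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:  # a trailing ';' leaves an empty part
            continue
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"tag without a value: {part!r}")
        tags[name.strip().lower()] = value.strip()
    if not tags or next(iter(tags)) != "v" or tags["v"] != "DMARC1":
        raise ValueError("record must start with v=DMARC1")
    if tags.get("p") not in POLICIES:
        raise ValueError("p must be none, quarantine or reject")
    return tags


def effective_policy(record):
    """Merge the published tags with the defaults for omitted tags."""
    eff = {**DEFAULTS, **parse_dmarc(record)}
    eff.setdefault("sp", eff["p"])  # subdomains inherit p unless sp is set
    if eff["sp"] not in POLICIES:
        raise ValueError("sp must be none, quarantine or reject")
    eff["pct"] = int(eff["pct"])
    if not 0 <= eff["pct"] <= 100:
        raise ValueError("pct must be between 0 and 100")
    return eff


def audit(record):
    """Return (code, detail) findings for settings that weaken protection."""
    eff = effective_policy(record)
    findings = []
    if eff["p"] == "none":
        findings.append(("monitoring-only", "failing mail is still delivered"))
    elif eff["p"] == "quarantine":
        findings.append(("not-rejecting", "failing mail is quarantined, not refused"))
    if POLICIES.index(eff["sp"]) < POLICIES.index(eff["p"]):
        findings.append(("weak-subdomains", f"sp={eff['sp']} is weaker than p={eff['p']}"))
    if eff["pct"] < 100:
        findings.append(("partial-rollout", f"policy applies to {eff['pct']}% of mail"))
    if "rua" not in eff:
        findings.append(("no-aggregate-reports", "no rua address, so no visibility"))
    return findings


if __name__ == "__main__":
    for rec in (RECOMMENDED, MONITORING, HALF_ENFORCED):
        print(rec)
        for code, detail in audit(rec) or [("ok", "no weak settings found")]:
            print(f"  {code}: {detail}")
```

The third sample shows why p=reject alone is not the whole picture: sp=none leaves every subdomain spoofable and pct=50 exempts half of the failing mail from the policy.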

While DMARC can be an effective standard to protect your business against BEC, implementing DMARC correctly requires effort and resources. Whether you are an authentication novice or an authentication aficionado, as pioneers in email authentication, PowerDMARC is a single email authentication SaaS platform that combines all email authentication best practices such as DMARC, SPF, DKIM, BIMI, MTA-STS and TLS-RPT, under the same roof for you. We help you:

  • Shift from monitoring to enforcement in no time to keep BEC at bay
  • Read your aggregate reports as simplified charts and tables, so that you can understand them easily without having to read complex XML files
  • Safeguard the privacy of your information with encrypted forensic reports
  • View your authentication results in 7 different formats (per result, per sending source, per organization, per host, detailed stats, geo location reports, per country) on our user-friendly dashboard for optimal user-experience
  • Gain 100% DMARC compliance by aligning your emails against both SPF and DKIM so that emails failing either of the authentication checkpoints do not make it through to your receivers’ inboxes

How Does DMARC Protect Against BEC?

As soon as you set your DMARC policy to maximum enforcement (p=reject), DMARC protects your brand from email fraud by reducing the chance of impersonation attacks and domain abuse. All inbound messages are validated against SPF and DKIM email authentication checks to ensure that they arise from valid sources.

SPF is present in your DNS as a TXT record, displaying all the valid sources that are authorized to send emails from your domain. The receiver’s mail server validates the email against your SPF record to authenticate it. DKIM assigns a cryptographic signature, created using a private key, to validate emails in the receiving server, wherein the receiver can retrieve the public key from the sender’s DNS to authenticate the messages. With your policy at reject, emails are not delivered to your recipient’s mailbox at all when the authentication checks fail, indicating that your brand is being impersonated. This ultimately keeps BEC like spoofing and phishing attacks at bay.

PowerDMARC’s Basic Plan for Small Businesses

Our basic plan starts from only 8 USD per month, so small businesses and startups trying to adopt secure protocols like DMARC can easily avail of it. The advantages that you will have at your disposal with this plan are as follows:

Sign up with PowerDMARC today and protect your brand’s domain by minimizing the chances of Business Email Compromise and email fraud!

You know what’s the worst kind of phishing scam? The kind that you can’t simply ignore. Emails supposedly from the government, telling you to make that pending tax-related payment or risk legal action. Emails that look like your school or university sent them, asking you to pay that one tuition fee you missed. Or even a message from your boss or CEO, telling you to transfer them some money “as a favor”.

The problem with emails like this is that they’re impersonating an authority figure, whether it’s the government, your university board, or your boss at work. Those are important people, and ignoring their messages will almost certainly have serious consequences. So you’re forced to look at them, and if it seems convincing enough, you might actually fall for it.

But let’s take a look at CEO fraud. What exactly is it? Can it happen to you? And if it can, what should you do to stop it?

You’re not immune to CEO fraud

A $2.3 billion scam every year is what it is. You might be wondering, “What could possibly make companies lose that much money to a simple email scam?” But you’d be surprised how convincing CEO fraud emails can be.

In 2016, Mattel almost lost $3 million to a phishing attack when a finance executive received an email from the CEO, instructing her to send a payment to one of their vendors in China. But it was only after checking later with the CEO that she realized he’d never sent the email at all. Thankfully, the company worked with law enforcement in China and the US to get their money back a few days later, but that almost never happens with these attacks.

People tend to believe these scams won’t happen to them…until it happens to them. And that’s their biggest mistake: not preparing for CEO fraud.

Phishing scams can not only cost your organization millions of dollars, they can have a lasting impact on the reputation and credibility of your brand. You run the risk of being seen as the company that lost money to an email scam and losing the trust of your customers whose sensitive personal information you store.

Instead of scrambling to do damage control after the fact, it makes a lot more sense to secure your email channels against spear phishing scams like this one. Here are some of the best ways you can ensure that your organization doesn’t become a statistic in the FBI’s report on BEC.

How to prevent CEO fraud: 6 simple steps

  1. Educate your staff on security
    This one is absolutely critical. Members of your workforce—and especially those in finance—need to understand how Business Email Compromise works. And we don’t just mean a boring 2-hour presentation about not writing down your password on a post-it note. You need to train them on how to look out for suspicious signs that an email is fake, look out for spoofed email addresses, and abnormal requests other staff members seem to be making through email.
  2. Look out for telltale signs of spoofing
    Email scammers use all kinds of tactics to get you to comply with their requests. These can range from urgent requests or instructions to transfer money, meant to get you to act quickly and without thinking, to requests for access to confidential information for a ‘secret project’ that the higher-ups aren’t ready to share with you yet. These are serious red flags, and you need to double and triple-check before taking any action at all.
  3. Get protected with DMARC
    The easiest way to prevent a phishing scam is to never even receive the email in the first place. DMARC is an email authentication protocol that verifies emails coming from your domain before delivering them. When you enforce DMARC on your domain, any attacker impersonating someone from your own organization will be detected as an unauthorized sender, and their email will be blocked from your inbox. You don’t have to deal with spoofed emails at all.
  4. Get explicit approval for wire transfers
    This is one of the easiest and most straightforward ways to prevent money transfers to the wrong people. Before committing to any transaction, make it compulsory to seek explicit approval from the person requesting money using another channel besides email. For larger wire transfers, make it mandatory to receive verbal confirmation.
  5. Flag emails with similar extensions
    The FBI recommends that your organization creates system rules that automatically flag emails that use extensions too similar to your own. For example, if your company uses ‘123-business.com’, the system could detect and flag emails using extensions like ‘123_business.com’.
  6. Purchase similar domain names
    Attackers often use similar-looking domain names to send phishing emails. For example, if your organization has a lowercase ‘i’ in its name, they might use an uppercase ‘I’, or replace the letter ‘E’ with the number ‘3’. Purchasing these similar domain names yourself will help you lower your chances of someone using an extremely similar domain name to send you emails.
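Steps 5 and 6 can be backed by a simple mail-flow rule. The added example below (not from the original post or from the FBI guidance it cites) flags sender domains that differ from your own only by look-alike characters or a single edit; the character map, the one-edit threshold, the function names and the sample addresses are assumptions made for illustration.

```python
"""Flag sender domains that closely resemble, but are not, your own domain."""

OWN_DOMAIN = "123-business.com"  # the example domain used in step 5

# Characters commonly swapped for one another, folded to one representative.
CONFUSABLES = str.maketrans({"i": "l", "1": "l", "3": "e", "0": "o", "_": "-"})

# Constructed sample senders, as they might appear in a mail log.
SAMPLE_SENDERS = [
    "ceo@123-business.com",
    "ceo@123_business.com",
    "accounts@123-busin3ss.com",
    "billing@123-bussiness.com",
    "news@mail.123-business.com",
    "sales@partner-logistics.example",
]


def skeleton(domain):
    """Lowercase the domain and fold look-alike characters together."""
    return domain.lower().translate(CONFUSABLES)


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(sender_domain, own_domain, max_distance=1):
    """Return 'own', 'lookalike' or 'other' for a sender domain."""
    sender = sender_domain.lower().rstrip(".")
    own = own_domain.lower()
    if sender == own or sender.endswith("." + own):
        return "own"  # the domain itself or one of its subdomains
    # Identical skeletons give distance 0; one typo gives distance 1.
    if edit_distance(skeleton(sender), skeleton(own)) <= max_distance:
        return "lookalike"
    return "other"


def flag_lookalikes(addresses, own_domain):
    """Return the addresses whose domain imitates own_domain."""
    flagged = []
    for address in addresses:
        domain = address.rsplit("@", 1)[-1]
        if classify(domain, own_domain) == "lookalike":
            flagged.append(address)
    return flagged


if __name__ == "__main__":
    for address in flag_lookalikes(SAMPLE_SENDERS, OWN_DOMAIN):
        print("FLAG", address)
```

The same classification can be run over newly registered domain names to decide which variants are worth purchasing defensively.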

 

When it comes to cybercrime and security threats, Business Email Compromise (BEC) is the big daddy of email fraud. It’s the type of attack most organizations are the least prepared for, and one they’re most likely to get hit by. Over the past 3 years, BEC has cost organizations over $26 billion. And it can be shockingly easy to execute.

BEC attacks involve the attacker impersonating a higher-up executive at the organization, sending emails to a newly hired employee, often in the financial department. They request fund transfers or payments of fake invoices, which if executed well enough, can convince a less experienced employee to initiate the transaction.

You can see why BEC is such a huge problem among major organizations. It’s difficult to monitor the activities of all your employees, and the less experienced ones are more prone to falling for an email that seems to be coming from their boss or CFO. When organizations asked us what’s the most dangerous cyberattack they needed to watch out for, our answer was always BEC.

That is, until Silent Starling.

Organized Cybercrime Syndicate

The so-called Silent Starling is a group of Nigerian cybercriminals with a history in scams and fraud going as far back as 2015. In July 2019, they engaged with a major organization, impersonating the CEO of one of their business partners. The email asked for a sudden, last minute change in bank details, requesting an urgent wire transfer.

Thankfully, they discovered the email was fake before any transaction occurred, but in the ensuing investigation, the disturbing details of the group’s methods came to light.

In what’s now being called Vendor Email Compromise (VEC), the attackers launch a significantly more elaborate and organized attack than typically happens in conventional BEC. The attack has 3 separate, intricately planned-out phases that seem to require a lot more effort than what most BEC attacks usually require. Here’s how it works.

VEC: How to Defraud a Company in 3 Steps

Step 1: Breaking in

The attackers first gain access to the email account of one or more individuals at the organization. This is a carefully orchestrated process: they find out which companies lack DMARC-authenticated domains. These are easy targets to spoof. Attackers gain access by sending employees a phishing email that looks like a login page and stealing their login credentials. Now they have complete access to the inner workings of the organization.

Step 2: Collecting information

This second step is like a stakeout phase. The criminals can now read confidential emails, and use this to keep an eye out for employees involved in processing payments and transactions. The attackers identify the target organization’s biggest business partners and vendors. They gather information about the inner workings of the organization — things like billing practices, payment terms, and even what official documents and invoices look like.

Step 3: Taking action

With all this intelligence collected, the scammers create an extremely realistic email and wait for the right opportunity to send it (usually just before a transaction is about to take place). The email is targeted at the right person at the right time, and is coming through a genuine company account, which makes it next to impossible to identify.

By perfectly coordinating these 3 steps, Silent Starling were able to compromise their target organization’s security systems and nearly managed to steal tens of thousands of dollars. They were among the first to try such an elaborate cyberattack, and unfortunately, they’ll certainly not be the last.

I Don’t Want to Be a Victim of VEC. What Do I Do?

The really scary thing about VEC is that even if you’ve managed to discover it before the scammers could steal any money, it does not mean no damage has been done. The attackers still managed to get complete access to your email accounts and internal communications, and were able to get a detailed understanding of how your company’s finances, billing systems and other internal processes work. Information, especially sensitive information like this, leaves your organization completely exposed, and the attacker could always attempt another scam.

So what can you do about it? How are you supposed to prevent a VEC attack from happening to you?

1. Protect your email channels

One of the most effective ways to stop email fraud is to not even let the attackers begin Step 1 of the VEC process. You can stop cybercriminals from gaining initial access by simply blocking the phishing emails they use to steal your login credentials.

The PowerDMARC platform lets you use DMARC authentication to stop attackers from impersonating your brand and sending phishing emails to your own employees or business partners. It shows you everything going on in your email channels, and instantly alerts you when something goes wrong.

2. Educate your staff

One of the biggest mistakes even larger organizations make is not investing a little more time and effort to educate their workforce with a background knowledge on common online scams, how they work, and what to look out for.

It can be very difficult to tell the difference between a real email and a well-crafted fake one, but there are often many tell-tale signs that even someone not highly trained in cybersecurity could identify.

3. Establish policies for business over email

A lot of companies just take email for granted, without really thinking about the inherent risks in an open, unmoderated communication channel. Instead of trusting each correspondence implicitly, act with the assumption that the person on the other end isn’t who they claim to be.

If you need to complete any transaction or share confidential information with them, you can use a secondary verification process. This could be anything from calling the partner to confirm to having another person authorize the transaction.

Attackers are always finding new ways to compromise business email channels. You can’t afford to be unprepared.

 

In a first for the company, PowerDMARC has taken on a new strategic expert advisor who will support and guide the company in all future projects in data and email security, authentication, anti-spoofing measures, and DMARC compliance.

PowerDMARC, one of the fastest-growing names in email authentication security and DMARC compliance, has announced its newest member who will be joining their Executive Advisory Board, a panel of experts in the fields of cybersecurity and data protection. Abbas Kudrati, Chief Cybersecurity Advisor at Microsoft APJ and an industry professor at Deakin University, will be lending his support to the young startup in all matters related to email security and DMARC compliance.

“It’s incredibly exciting to have someone with the level of expertise and experience of Mr. Kudrati on our Advisory Board,” said PowerDMARC Co-Founder Faisal Al Farsi. “We’re looking for guidance from the best minds in the industry. It’s an honor to have him on board.”

Abbas Kudrati brings with him over two decades’ worth of experience in supervisory and consulting positions at more than 10 different organizations around the globe, where he’s been involved in network security, technology risk services and cybersecurity. He’s also been a part-time professor and executive advisor at La Trobe and Deakin Universities for over two years, and an advisor with EC-Council ASEAN. Presently he’s serving as the Chief Cybersecurity Advisor for Microsoft APJ based in Melbourne, Australia.

In a time of economic slowdown and growing threats to cybersecurity, Kudrati is expected to help PowerDMARC gain a firm foothold in the industry while expanding into newer areas of email security. He will play an important role in advising on the company’s plans for the future and its product roadmap.