Tag Archive for: DMARC

How Phishing Scams Are Using Office 365 to Target Insurance Firms

Email is often the first choice for a cybercriminal when they’re launching because it’s so easy to exploit. Unlike brute-force attacks which are heavy on processing power, or more sophisticated methods that require a high level of skill, domain spoofing can be as easy as writing an email pretending to be someone else. In a lot of cases, that ‘someone else’ is a major software service platform that people rely on to do their jobs.

Which is what happened between 15th and 30th April, 2020, when our security analysts at PowerDMARC discovered a new wave of phishing emails targeting leading insurance firms in the Middle East. This attack has been just one among many others in the recent increase of phishing and spoofing cases during the Covid-19 crisis. As early as February 2020, another major phishing scam went so far as to impersonate the World Health Organization, sending emails to thousands of people asking for donations for coronavirus relief.

insurance firms

In this recent series of incidents, users of Microsoft’s Office 365 service received what appeared to be routine update emails regarding the status of their user accounts. These emails came from their organizations’ own domains, requesting users to reset their passwords or click on links to view pending notifications.

We’ve compiled a list of some of the email titles we observed were being used:

  • Microsoft account unusual sign-in activity
  • You have (3) Messages Pending Delivery On Your e-Mail [email protected]* Portal !
  • user@domain You Have Pending Microsoft Office UNSYNC Messages
  • Re-activation Summary Notification for [email protected]

*account details changed for users’ privacy

You can also view a sample of a mail header used in a spoofed email sent to an insurance firm:

Received: from [malicious_ip] (helo= malicious_domain)

id 1jK7RC-000uju-6x

for [email protected]; Thu, 02 Apr 2020 23:31:46 +0200

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;

Received: from [xxxx] (port=58502 helo=xxxxx)

by malicious_domain with esmtpsa (TLSv1.2:ECDHE-RSA-AES2  56-GCM-SHA384:256)

From: “Microsoft account team” 

To: [email protected]

Subject: Microsoft Office Notification for [email protected] on 4/1/2020 23:46

Date: 2 Apr 2020 22:31:45 +0100

Message-ID: <[email protected]>

MIME-Version: 1.0

Content-Type: text/html;

charset=”utf-8″

Content-Transfer-Encoding: quoted-printable

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname – malicious_domain

X-AntiAbuse: Original Domain – domain.com

X-AntiAbuse: Originator/Caller UID/GID – [47 12] / [47 12]

X-AntiAbuse: Sender Address Domain – domain.com

X-Get-Message-Sender-Via: malicious_domain: authenticated_id: admin@malicious_domain

X-Authenticated-Sender: malicious_domain: admin@malicious_domain

X-Source: 

X-Source-Args: 

X-Source-Dir: 

Received-SPF: fail ( domain of domain.com does not designate malicious_ip_address  as permitted sender) client-ip= malicious_ip_address  ; envelope-from=[email protected]; helo=malicious_domain;

X-SPF-Result: domain of domain.com does not designate malicious_ip_address  as permitted sender

X-Sender-Warning: Reverse DNS lookup failed for malicious_ip_address (failed)

X-DKIM-Status: none /  / domain.com /  /  / 

X-DKIM-Status: pass /  / malicious_domain / malicious_domain /  / default

 

Our Security Operation Center traced the email links to phishing URLs that targeted Microsoft Office 365 users. The URLs redirected to compromised sites at different locations around the world.

By simply looking at those email titles, it would be impossible to tell they were sent by someone spoofing your organization’s domain. We’re accustomed to a steady stream of work or account-related emails prompting us to sign into various online services just like Office 365. Domain spoofing takes advantage of that, making their fake, malicious emails indistinguishable from genuine ones. There’s virtually no way to know, without a thorough analysis of the email, whether it’s coming from a trusted source. And with dozens of emails coming in everyday, no one has the time to carefully scrutinize every one. The only solution would be to employ an authentication mechanism that would check all emails sent from your domain, and block only those that were sent by someone who sent it without authorization.

insurance firms

That authentication mechanism is called DMARC. And as one of the leading providers of email security solutions in the world, we at PowerDMARC have made it our mission to get you to understand the importance of protecting your organization’s domain. Not just for yourself, but for everyone who trusts and depends on you to deliver safe, reliable emails in their inbox, every single time.

You can read about the risks of spoofing here: https://powerdmarc.com/stop-email-spoofing/

Find out how you can protect your domain from spoofing and boost your brand here: https://powerdmarc.com/what-is-dmarc/

insurance firms

/by

PowerDMARC partners with CyberSecOn, launches new operations in Australia, New Zealand

PowerDMARC, the Delaware-based email security provider, has joined hands with one of Australia’s premier information security companies. In a move that’s expected to bring awareness about email security into the mainstream, PowerDMARC’s partnership with CyberSecOn is projected to boost DMARC compliance rates in Australia and New Zealand.

“This is a huge opportunity,” said Faisal Al Farsi, Co-Founder of PowerDMARC, “not just for CyberSecOn and us, but for DMARC as a whole. We really want to see more and more companies take a stand against email phishing, and DMARC is how they can do it. CyberSecOn are as enthusiastic as we are about this, and we can’t wait to see what the future holds for us.”

CyberSecOn are headquartered in Melbourne, Australia, and have been providing security solutions to major names in both the enterprise and government sector. As active members of the Global Cyber Alliance, both companies have been pushing boundaries in the field of cybersecurity in their mutual mission to protect corporate and user data from being misused. This partnership is the latest in their endeavors to bridge the geographic gap so companies around the world can share and collaborate more freely.

“We’d like to think of this as a new page in the book of cybersecurity,” said Shankar Arjunan, Director of CyberSecOn. “This is a chance for us to write something we can all collectively be proud of. We’re incredibly excited to have them join us, and we hope this partnership is as effective for them as it is for us.”

insurance firms

/by

Types of Email Phishing Attacks

Email phishing has evolved over the years from gamers sending prank emails to it becoming a highly lucrative activity for hackers across the world.

In fact, in the early to mid-’90s AOL experienced some of the first big email phishing attacks. Random credit card generators were used to steal user credentials which allowed hackers to gain wider access into AOL’s company-wide database.

These attacks were shut down as AOL upgraded their security systems to prevent further damage. This then led hackers to develop more sophisticated attacks using impersonation tactics which are still widely used today.

If we jump forward to today, the impersonation attacks most recently affecting both the White House and the WHO prove that any entity is at some point or another is vulnerable to email attacks.

According to Verizon’s 2019 Data Breach Investigation Report, approximately 32% of data breaches experienced in 2019 included email phishing and social engineering respectively.

With that in mind, we’re going to take a look at the different types of phishing attacks and why they pose a huge threat to your business today.

Let’s get started.

1. Email spoofing

Email spoofing attacks are when a hacker forges an email header and sender address to make it look like the email has come from someone they trust. The purpose of an attack like this is to coax the recipient into opening the mail and possibly even clicking on a link or beginning a dialogue with the attacker

These attacks rely heavily on social engineering techniques as opposed to using traditional hacking methods.

This may seem a rather unsophisticated or ‘low-tech’ approach to a cyberattack. In reality, though, they’re extremely effective at luring people through convincing emails sent to unsuspecting employees. Social engineering takes advantage not of the flaws in a system’s security infrastructure, but in the inevitability of human error.

Take a look:

In September 2019, Toyota lost $37 million to an email scam.

The hackers were able to spoof an email address and convince an employee with financial authority to alter account information for an electronic funds transfer.

Resulting in a massive loss to the company.

2. Business Email Compromise (BEC)

According to the FBI’s 2019 Internet Crime Report, BEC scams resulted in over $1.7 million and accounted for more than half cybercrime losses experienced in 2019.

BEC is when an attacker gains access to a business email account and is used to impersonate the owner of that account for the purposes of causing damage to a company and its employees.

This is because BEC is a very lucrative form of email attack, it produces high returns for attackers and which is why it remains a popular cyber threat.

A town in Colorado lost over $1 million to a BEC scam.

The attacker filled out a form on the local website where they requested a local construction company to receive electronic payments instead of receiving the usual checks for work they were currently doing in the town.

An employee accepted the form and updated the payment information and as a result sent over a million dollars to the attackers.

3. Vendor Email Compromise (VEC)

In September 2019, Nikkei Inc. Japan’s largest media organization lost $29 million.

An employee based in Nikkei’s American office transferred the money on instruction from the scammers who impersonated a Management Executive.

A VEC attack is a type of email scam that compromises employees at a vendor company. Such as our above example. And, of course, resulted in huge financial losses for the business.

What is Email Phishing?

Email phishing is a form of social engineering in which fraudsters send emails to trick people into giving up confidential information. The emails often look like they come from an organization or individual you trust, such as your bank, a government agency, or even someone in your own company.

Email phishing is becoming more common as people spend more time online and less time reading physical mail. This makes it easier for fraudsters to reach out and contact their victims via email.

How to indentify phishing? 

If you are ever unsure whether an email is real, there are a few ways you can check. First of all, look at the sender’s address. If it doesn’t match what you’re used to seeing on official communications from that company or government agency, then it’s probably not legitimate.

You should also check the subject line and body of the email for spelling errors or other warning signs that it may be fake. For example, if someone sends you an email claiming to have “information” about your account but they misspell “information” as “infomation,” then this may be a sign that they didn’t write the email themselves and don’t know what they’re talking about!

How to prevent Email Phishing with DMARC?

Businesses the world over are increasing their cybersecurity budgets to limit the examples we’ve listed above. According to IDC global spending on security solutions is forecasted to reach $133.7 billion in 2022.

But the truth of the matter is that the uptake of email security solutions like DMARC is slow.

DMARC technology arrived on the scene in 2011 and is effective in preventing targeted BEC attacks, which as we know are a proven threat to businesses all over the world.

DMARC works with both SPF and DKIM which allows you to determine which actions should be taken against unauthenticated emails to protect the integrity of your domain.

READ: What is DMARC and why your business needs to get on board today?

Each of the above cases had something in common… Visibility.

This technology can reduce the impact email phishing activity can have on your business. Here’s how:

  • Increased visibility. DMARC technology sends reports to provide you with detailed insight into the email activity across your business. PowerDMARC uses a powerful Threat Intelligence engine that helps produce real-time alerts of spoofing attacks. This is coupled with full reporting, allowing your business greater insight into a user’s historical records.
  • Increased email security. You will be able to track your company’s emails for any spoofing and phishing threats. We believe the key to prevention is the ability to act quickly, therefore, PowerDMARC has 24/7 security ops centers in place. They have the ability to pull down domains abusing your email immediately, offering your business an increased level of security.
    The globe is in the throes of the COVID-19 pandemic, but this has only provided a widespread opportunity for hackers to take advantage of vulnerable security systems.

The recent impersonation attacks on both the White House and the WHO really highlight the need for greater use of DMARC technology.

In light of the COVID-19 pandemic and the rise in email phishing, we want to offer you 3 months FREE DMARC protection. Simply click the button below to get started right now

Claim Your Offer

insurance firms

/by

PowerDMARC expands Executive Advisory Board, welcomes the newest member

In a first for the company, PowerDMARC has taken on a new strategic expert advisor who will support and guide the company in all future projects in data and email security, authentication, anti-spoofing measures, and DMARC compliance.Abbas PowerDMARC

PowerDMARC, one of the fastest-growing names in email authentication security and DMARC compliance, has announced its newest member who will be joining their Executive Advisory Board, a panel of experts in the fields of cybersecurity and data protection. Abbas Kudrati, Chief Cybersecurity Advisor at Microsoft APJ and an industry professor at Deakin University, will be lending his support to the young startup in all matters related to email security and DMARC compliance.

“It’s incredibly exciting to have someone with the level of expertise and experience of Mr. Kudrati on our Advisory Board,” said PowerDMARC Co-Founder Faisal Al Farsi. “We’re looking for guidance from the best minds in the industry. It’s an honor to have him on board.”

Abbas Kudrati brings with him over two decades’ worth of experience in supervisory and consulting positions at more than 10 different organizations around the globe, where he’s been involved in network security, technology risk services and cybersecurity. He’s also been a part-time professor and executive advisor at La Trobe and Deakin Universities for over two years, and an advisor with EC-Council ASEAN. Presently he’s serving as the Chief Cybersecurity Advisor for Microsoft APJ based in Melbourne, Australia.

In a time of economic slowdown and growing threats to cybersecurity, Kudrati is expected to help PowerDMARC gain a firm foothold in the industry while expanding into newer areas of email security. He will play an important role in advising the company plans for the future and product roadmap.

insurance firms

/by

What is DMARC and why do you need it?

According to the 2019 Cost of Data Breach Report, from Ponemon Institute and IBM Security, the global average cost of a data breach is $3.92 million!

This cyberattack business is a lucrative one. 

In fact, Business Email Compromise generates higher ROI than any other cyberattack. According to the 2019 Internet Crime Report, it reported losses of over $1.7 billion. 

Cybersecurity measures and protocols are crucial to business continuity now more than ever.

According to the Verizon 2019 Data Breach Investigations Report, 94% of malware was delivered by email.

Enter Domain-based Message Authentication, Reporting, and Conformance (DMARC). 

Yes, it’s quite a mouthful. But the time to protect your business email is now.

What is DMARC? DMARC is a relatively new technology.  It’s a technical validation policy that’s set to help protect email senders and receivers from all email spam.

dmarc illustration

DMARC is a solution that builds on both the Sender Policy Framework (SPF) and Domain Key Identified Mail (DKIM) solutions. This technology allows your organisation to publish a specific security policy around your email authentication processes and then instructs your mail server on how to enforce them.

 

DMARC has three main policy settings: 

  • Monitor policy – p=none. This policy means that no action will be taken in the light of failing the DMARC checks.
  • Quarantine policy – p=quarantine. This policy means that all emails that fail your DMARC check need to be treated as suspicious, this could see some emails landing up on your spam folder.
  • Reject policy – p=reject. This policy is set up to reject all emails that do not pass your DMARC checks.

The ways these policies are set up is entirely up to your organisation and how you want to handle unauthenticated emails.

According to the 2019 Global DMARC Adoption Report, only 20.3% of domains are publishing some level of DMARC policy of that only 6.1% have a reject policy in place.

Why DMARC is important for your business?

At this point, you’re wondering if you really need DMARC if you already have SPF and DKIM.

The short answer is yes.

But there’s more…

As of 2019, there were over 3.9 billion email accounts, and when you consider that 94% of malware attacks occurred through email, it absolutely makes business sense to do your very best to protect your email.

While the corporate uptake of DMARC has been slow, it’s essential to note that digital giants such as Facebook and PayPal have adopted DMARC technology.

  • Reporting. The reporting offered with DMARC allows your organisation greater insights into your email channels. They will help your organisation monitor what emails are being sent and received by your organisation. DMARC reports will give you insights into how your domain is being used and can play a role in developing more robust email communications.
  • Enhanced control. DMARC allows you full control over what emails are being sent from your domain. If email abuse is taking place, you will immediately see it in the report allowing you to correct any authentication issues.

Key Takeaways

We’re living in an era where cyberattacks are every businesses reality.

By not securing your email effectively you are opening your business up to all kinds of vulnerabilities.

Don’t let yours be next.

 

 

Take a look at how PowerDMARC can help you secure your business email today.

Simply click the button below to speak to an email security expert today

 

Schedule a Demo

insurance firms

/by