Posts

Are you aware of the recent email phishing tactics cybercriminals have been using to lure in victims? Yes, that’s right, it has everything to do with the newly discovered COVID-19 Omicron variant that is sweeping through the world currently.

It has been 2 years since the COVID-19 global pandemic took the world by storm, and since then businesses have been learning to adapt to the change. Email communications, which was once an afterthought, have now become the basis of life. A recent survey found that the number of email users worldwide has been evaluated to have reached 4.3 Billion in 2022. This means evolved phishing tactics and email scams, and greater risks at business email compromise.

How are cybercriminals phishing users in 2022?

Throughout the ongoing global pandemic, ever since it first broke out, scammers haven’t rested. They have been constantly coming up with new and evolved tactics to lure in victims more easily and effectively. This time around, as soon as news broke about the newly found Omicron-variant that has been making its way around the world and spreading like wildfire, scammers wasted no time in using it as a phishing tool.

Attackers are impersonating governmental and public-health services organizations such as the NHS, to send out fake emails offering victims a free Omicron PCR test. These emails are carefully crafted to look and feel genuine, providing victims with apparently useful information that makes the message believable, thereby making the phishing lure more effective! Thousands of Gmail users and UK citizens have reported various such attempted attacks, the frequency of which is only rising.

By clicking on the phishing link mentioned at the end of the email, users are being redirected to a spoofed landing page. This page appears very similar to an original website belonging to any well-known public-health service organization. Herein victims are asked for personal information like their name, email address, mobile number, address, and date of birth along with a test kit delivery charge. On occasions, sensitive information has also been demanded that may allow attackers to bypass security gateways on banking websites to strip victims off of their money.

Preventing Phishing in 2022: Here’s what you should know!

It is important to note that no public-health service or governmental health service organization is currently providing PCR tests for Omicron. Hence any email claiming the same is a fake email aimed at tricking you.

Moreover, never submit sensitive information that can be used against you on a website unless you are 100% sure of its legitimacy.

How to become more proactive regarding phishing?

The Healthcare sector continues to be one the most impersonated organizations as we progress into 2022. The CISA has recommended DMARC as an effective measure and a healthy practice for organizations who want to take proactive initiatives against email fraud attacks. To break the myth surrounding this protocol stating that it’s hard to implement, you can now generate DMARC record instantly with our tool!

DMARC is a protocol that helps authenticate your emails by aligning them with SPF and/or DKIM, giving domain owners the opportunity to block phishing emails from reaching their customers and employees. DMARC reporting is a technique internal to the protocol itself, that provides domain owners with a wealth of information regarding attempted cyber attacks, failed email deliveries, and other issues pertaining to their emails. It is an all-in-one solution that is the answer to all your email security concerns.

If you’re a healthcare organization looking for a reliable DMARC software solution to prevent scammers from impersonating your domain, create a DMARC record today! If you want to try it out without spending a dime, here’s how you get free DMARC for your domains.

Marketers are the designers of brand image, hence they need to be aware of these 5 famous Phishing terms, that can wreak havoc on a company’s reputation.  Phishing is a type of attack vector that involves a website or email that looks as if it is from a reputable organization but is actually created with the intent of gathering sensitive information such as usernames, passwords, and credit card details (also known as Card Data). Phishing attacks are common in the online world.

When your company falls victim to a phishing attack, it can cause brand name harm and interfere with your search engine ranking or conversion rate. It should be a priority for marketers to protect against phishing attacks because they are a direct reflection of your company’s consistencies. Hence, as marketers, we need to proceed with extreme caution when it comes to phishing scams.

Phishing scams have been around for many years. Don’t worry if you didn’t hear about it before, it isn’t your fault. Some say that the cyber scam was born 10 years ago but phishing officially became a crime in 2004. As Phishing techniques continue to evolve, encountering a new phishing email can quickly become confusing, and sometimes it’s hard to tell if the message is legitimate or not. You can better protect yourself and your organization by being alert to these five common phishing techniques.

5 Common Phishing Terms You Need to Know

1) Email Phishing 

Phishing emails are usually sent out in bulk from a domain that mimics a legitimate one. A company might have the email address [email protected], but a phishing company might use [email protected] The goal is to fool you into clicking on a malicious link or sharing sensitive information by pretending to be a real company you do business with.  A fake domain often involves character substitution, like using ‘r’ and ‘n’ next to each other to create ‘rn’ instead of ‘m’.

Phishing attacks are constantly evolving and getting more and more undetectable with time. Threat actors are using social engineering tactics to spoof domains and send fraudulent emails from a legitimate domain, for malicious ends.

2) Spear Phishing 

A spear phishing attack is a new form of cyberattack that uses false information to gain access to accounts that have a higher level of security. Professional attackers have a goal of compromising a single victim, and in order to carry out this idea, they research the company’s social profile and the names and roles of employees within that company. Unlike phishing, Spear phishing is a targeted campaign against one organization or individual. These campaigns are carefully constructed by threat actors with the sole purpose of targeting a specific person(s) to gain access into an organization.

3) Whaling

Whaling is a highly targeted technique that can compromise the emails of higher-level associates. The objective, which is similar to other phishing methods, is to trick employees into clicking on a malicious link. One of the most devastating email attacks to pass through corporate networks is the whaling scam. These attempts at personal gain using powers of persuasion to lower victims’ resistance, tricking them into handing over company funds. Whaling is also known as CEO fraud, as attackers often impersonate people in authoritarian positions such as the CEO of a company.

4) Business Email Compromise 

Business Email Compromise (BEC) is a form of cyber crime which can be extremely costly to businesses. This type of cyber attack uses email fraud to influence organizational domains into partaking in fraudulent activity resulting in the compromise and theft of sensitive data. Examples of BEC can include invoice scams, domain spoofing, and other forms of impersonation attacks. Each year an average organization can lose up to $70 million dollars to BEC scams, learn more about 2020 BEC attack statistics. In a typical attack, fraudsters target specific employee roles within an organization by sending a series of fraudulent emails that claim to be from a senior colleague, customer, or business partner. They may instruct recipients to make payments or release confidential data.

5) Angler Phishing 

Many corporations have thousands of customers and receive hundreds of complaints daily. Through social media, companies are able to escape the confines of their limitations and reach out to their customers. This enables a corporation to be flexible and adjust to the demands of its customers. Angler phishing is the act of reaching out to disgruntled customers over social media and pretending to be part of a company. The angler phishing scam is a simple ploy used to trick casual social media users into thinking that a company is trying to remedy their problems when in reality, the person on the other end is taking advantage of them.

How to Protect Your Organization from Phishing and Email Fraud

Your email service provider may come with integrated security packages as a part of their service. These however act as spam filters that offer protection against inbound phishing attempts. However, when an email is being sent by scammers using your domain name to recipient inboxes, like in the case of BEC, whaling, and other forms of impersonation attacks listed above, they won’t serve the purpose. This is why you need to avail of email authentication solutions like DMARC, immediately and shift to a policy of enforcement.

  • DMARC authenticates your emails by aligning them against SPF and DKIM authentication standards.
  • It specifies to receiving servers how they should respond to emails failing authentication checks.
  • DMARC aggregate (RUA) reports provide you with enhanced visibility into your email ecosystem and authentication results and helps you monitor your domains easily.
  • DMARC forensic (RUF) reports give you an in-depth analysis of your DMARC failure results, helping you respond to impersonation attacks faster.

How Can PowerDMARC Help Your Brand?

PowerDMARC is more than just your DMARC service provider, it is a multi-tenant SaaS platform that provides a wide range of authentication solutions and DMARC MSSP programs. We make email authentication easy and accessible for every organization, from small businesses to multinational enterprises.

  • We help you move from p=none to p=reject in no time, so as to protect your brand from impersonation attacks, domain spoofing, and phishing.
  • We help you easily configure DMARC reporting for your with comprehensive charts and tables and RUA report views in 6 different formats for ease of use and amplified visibility
  • We cared about your privacy, so you can encrypt your DMARC RUF reports with your private key
  • We help you generate scheduled PDF reports on your authentication results
  • We provide dynamic SPF flattening solution like PowerSPF so that you never exceed the 10 DNS lookup limit
  • We help you make TLS encryption mandatory in SMTP, with MTA-STS to protect your domain from pervasive monitoring attacks
  • We help you make your brand visually identifiable in your recipient inboxes with BIMI

Sign up with PowerDMARC today to get your free DMARC analyzer tool trial, and shift from a policy of monitoring to enforcement to provide your domain maximum protection against BEC, phishing, and spoofing attacks.

Email phishing has evolved over the years from gamers sending prank emails to it becoming a highly lucrative activity for hackers across the world.

In fact, in the early to mid-’90s AOL experienced some of the first big email phishing attacks. Random credit card generators were used to steal user credentials which allowed hackers to gain wider access into AOL’s company-wide database.

These attacks were shut down as AOL upgraded their security systems to prevent further damage. This then led hackers to develop more sophisticated attacks using impersonation tactics which are still widely used today.

If we jump forward to today, the impersonation attacks most recently affecting both the White House and the WHO prove that any entity is at some point or another is vulnerable to email attacks.

According to Verizon’s 2019 Data Breach Investigation Report, approximately 32% of data breaches experienced in 2019 included email phishing and social engineering respectively.

With that in mind, we’re going to take a look at the different types of phishing attacks and why they pose a huge threat to your business today.

Let’s get started.

1. Email spoofing

Email spoofing attacks are when a hacker forges an email header and sender address to make it look like the email has come from someone they trust. The purpose of an attack like this is to coax the recipient into opening the mail and possibly even clicking on a link or beginning a dialogue with the attacker

These attacks rely heavily on social engineering techniques as opposed to using traditional hacking methods.

This may seem a rather unsophisticated or ‘low-tech’ approach to a cyberattack. In reality, though, they’re extremely effective at luring people through convincing emails sent to unsuspecting employees. Social engineering takes advantage not of the flaws in a system’s security infrastructure, but in the inevitability of human error.

Take a look:

In September 2019, Toyota lost $37 million to an email scam.

The hackers were able to spoof an email address and convince an employee with financial authority to alter account information for an electronic funds transfer.

Resulting in a massive loss to the company.

2. Business Email Compromise (BEC)

According to the FBI’s 2019 Internet Crime Report, BEC scams resulted in over $1.7 million and accounted for more than half cybercrime losses experienced in 2019.

BEC is when an attacker gains access to a business email account and is used to impersonate the owner of that account for the purposes of causing damage to a company and its employees.

This is because BEC is a very lucrative form of email attack, it produces high returns for attackers and which is why it remains a popular cyber threat.

A town in Colorado lost over $1 million to a BEC scam.

The attacker filled out a form on the local website where they requested a local construction company to receive electronic payments instead of receiving the usual checks for work they were currently doing in the town.

An employee accepted the form and updated the payment information and as a result sent over a million dollars to the attackers.

3. Vendor Email Compromise (VEC)

In September 2019, Nikkei Inc. Japan’s largest media organization lost $29 million.

An employee based in Nikkei’s American office transferred the money on instruction from the scammers who impersonated a Management Executive.

A VEC attack is a type of email scam that compromises employees at a vendor company. Such as our above example. And, of course, resulted in huge financial losses for the business.

What about DMARC?

Businesses the world over are increasing their cybersecurity budgets to limit the examples we’ve listed above. According to IDC global spending on security solutions is forecasted to reach $133.7 billion in 2022.

But the truth of the matter is that the uptake of email security solutions like DMARC is slow.

DMARC technology arrived on the scene in 2011 and is effective in preventing targeted BEC attacks, which as we know are a proven threat to businesses all over the world.

DMARC works with both SPF and DKIM which allows you to determine which actions should be taken against unauthenticated emails to protect the integrity of your domain.

READ: What is DMARC and why your business needs to get on board today?

Each of the above cases had something in common… Visibility.

This technology can reduce the impact email phishing activity can have on your business. Here’s how:

  • Increased visibility. DMARC technology sends reports to provide you with detailed insight into the email activity across your business. PowerDMARC uses a powerful Threat Intelligence engine that helps produce real-time alerts of spoofing attacks. This is coupled with full reporting, allowing your business greater insight into a user’s historical records.
  • Increased email security. You will be able to track your company’s emails for any spoofing and phishing threats. We believe the key to prevention is the ability to act quickly, therefore, PowerDMARC has 24/7 security ops centers in place. They have the ability to pull down domains abusing your email immediately, offering your business an increased level of security.
    The globe is in the throes of the COVID-19 pandemic, but this has only provided a widespread opportunity for hackers to take advantage of vulnerable security systems.

The recent impersonation attacks on both the White House and the WHO really highlight the need for greater use of DMARC technology.

 

In light of the COVID-19 pandemic and the rise in email phishing, we want to offer you 3 months FREE DMARC protection. Simply click the button below to get started right now 👇