Posts

Email spoofing is a growing problem for an organization’s security. Spoofing occurs when a hacker sends an email that appears to have been sent from a trusted source/domain. Email spoofing isn’t a new concept. Defined as “the forgery of an email address header in order to make the message appear to be sent from someone or somewhere other than the actual source,” it has plagued brands for decades. Whenever an email is sent, the From address doesn’t display what server the email was actually sent from—instead it displays whatever domain is entered during the address creation process, thereby raising no suspicion among email recipients.

With the amount of data passing through email servers today, it should come as no surprise that spoofing is an issue for businesses.At the end of 2020,  we found that phishing incidents rose by a staggering 220% compared to the yearly average during the height of global pandemic fears.. Since not all spoofing attacks are carried out on a large scale, the actual number could be much higher. It is 2021, and the problem seems to be only worsening with each passing year. This is why brands are availing of secure protocols to authenticate their emails and steer clear of the malicious intentions of threat actors.

Email Spoofing: What Is It and How Does It Work?

Email spoofing is used in phishing attacks to trick users into thinking the message came from a person or entity they either know or can trust. A cybercriminal uses a spoofing attack to trick recipients into thinking the message came from someone it didn’t. This lets attackers harm you without letting you trace them back. If you see an email from the IRS saying that they sent your refund to a different bank account, it may be a spoofing attack. Phishing attacks can also be carried out via email spoofing, which is a fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details (PIN numbers), often for malicious ends. The term comes from ‘fishing’ for a victim by pretending to be trustworthy.

In SMTP, when outgoing messages are assigned a sender address by the client application; outbound emails servers have no way to tell if the sender address is legitimate or spoofed. Hence, email spoofing is possible because the email system used to represent email addresses does not provide a way for outgoing servers to verify that the sender address is legitimate. This is why large industry players are opting for protocols like SPF, DKIM and DMARC to authorize their legitimate email addresses, and minimize impersonation attacks.

Breaking Down the Anatomy of an Email Spoofing Attack

Each email client uses a specific application program interface (API) to send email. Some applications allow users to configure the sender address of an outgoing message from a drop- down menu containing email addresses. However, this ability can also be invoked using scripts written in any language. Each open mail message has a sender address that displays the address of the originating user’s email application or service. By reconfiguring the application or service, an attacker can send email on behalf of any person.

Let’s just say that now it is possible to send thousands of fake messages from an authentic email domain! Moreover, you don’t have to be an expert in programming to use this script. Threat actors can edit the code according to their preference and begin sending a message using another sender’s email domain. This is exactly how an email spoofing attack is perpetrated.

Email Spoofing as a Vector of Ransomware

Email spoofing paves the way for the spread of malware and ransomware. If you don’t know what ransomware is, it is a malicious software which perpetually blocks access to your sensitive data or system and demands an amount of money (ransom) in exchange for decrypting your data again. Ransomware attacks make organizations and individuals lose tons of money every year and lead to huge data breaches.

DMARC and email authentication also acts as the first line of defense against ransomware by protecting your domain from the malicious intentions of spoofers and impersonators.

Threats Involved for Small, Medium and Large Businesses

Brand identity is vital to a business’s success. Customers are drawn to recognizable brands and rely on them for consistency. But cybercriminals use anything they can to take advantage of this trust, jeopardizing your customers’ safety with phishing emails, malware, and email spoofing activities. The average organization loses between $20 and $70 million a year due to email fraud. It is important to note that spoofing can involve trademark and other intellectual property violations as well, inflicting a considerable amount of damage to a company’s reputation and credibility, in the following two ways:

  • Your partners or esteemed customers can open a spoofed email and end up compromising their confidential data. Cybercriminals can inject ransomware into their system leading to financial losses, through spoofed emails posing to be you. Therefore the next time they might be reluctant to open even your legitimate emails, making them lose faith in your brand.
  • Recipient email servers can flag your legitimate emails as spam and lodge them in the junk folder due to deflation in server reputation, thereby drastically impacting your email deliverability rate.

Either ways, without an ounce of doubt, your customer-facing brand will be on the receiving end of all complications. Despite the efforts of IT professionals, 72% of all cyber attacks begin with a malicious email, and 70% of all data breaches involve social engineering tactics to spoof company domains – making email authentication practices like DMARC, a critical priority.

DMARC: Your One-Stop Solution against Email Spoofing

Domain-Based Message Authentication, Reporting and Conformance (DMARC) is an email authentication protocol which when implemented correctly can drastically minimize email spoofing, BEC and impersonation attacks. DMARC works in unison with two standard authentication practices- SPF and DKIM, to authenticate outbound messages, providing a way to specify to receiving servers how they should respond to emails failing authentication checks.

Read more about what is DMARC?

If you want to protect your domain from the malicious intentions of spoofers, the first step is to implement DMARC correctly. But before you do so, you need to set up SPF and DKIM for your domain. PowerDMARC’s free SPF and DKIM record generators can aid you in generating  these records to be published in your DNS, with a single click. After successfully configuring these protocols, go through the following steps to implement DMARC:

  • Generate an error-free DMARC record using PowerDMARC’s free DMARC record generator
  • Publish the record in your domain’s DNS
  • Gradually move to a DMARC enforcement policy of p=reject
  • Monitor your email ecosystem and receive detailed authentication aggregate and forensic (RUA/RUF) reports with our DMARC analyzer tool

Limitations to Overcome While Achieving DMARC Enforcement

You have published an error-free DMARC record, and moved to a policy of enforcement, and yet you are facing issues in email delivery? The problem can be far more complicated than you think. If you didn’t already know, your SPF authentication protocol has a limit of 10 DNS lookups. However, if you used cloud-based email service providers and various third-party vendors, you can easily exceed this limit. As soon as you do so, SPF breaks and even legitimate emails fail authentication, leading your emails to land in the junk folder or not being delivered at all.

As your SPF record gets invalidated due to too many DNS lookups, your domain again becomes vulnerable to email spoofing attacks and BEC. Therefore staying under the SPF 10 lookup limit is imperative to ensure  email deliverability. This is why we recommend PowerSPF, your automatic SPF flatenner, that shrinks your SPF record to a single include statement, negating redundant and nested IP addresses. We also run periodical checks to monitor changes made by your service providers to their respective IP addresses, ensuring that your SPF record is always up-to-date.

PowerDMARC assembles a range of email authentication protocols like SPF, DKIM, DMARC, MTA-STS, TLS-RPT and BIMI to give your domain a reputation and deliverability boost. Sign up today to get your free DMARC analyzer.

Knowing how to implement DMARC is crucial to an organization’s growth, reputation and security.

A very common question asked by domain owners is “why are my emails going to junk folder instead of the recipients’ inboxes?”. Now it is important to note that the underlying reason behind emails going to the junk folder is never unidirectional, but can be due to various reasons starting from simple inducements like a poorly written email to more complex causes like in case your domain name has been previously used for spam. In either of the cases, your emails landing in the spam folder drastically affects your email deliverability rate and domain reputation. 

If you want to quickly resolve this obstacle all while ensuring that your emails always reach their designated destinations in future, you have come to the right place. Without beating around the bush much, let’s get right into the solution for stopping your emails from getting flagged as spam: opt for email authentication solutions from a reliable service provider today!

How Does Email Authentication Improve Email Deliverability?

Remember that it is all about boosting your domain’s reputation and ensuring that your domain is not used to carry out malicious activities like spoofing or phishing attacks and BEC. This is exactly what an email authentication protocol like DMARC does. Domain-based Message Authentication, Reporting and Conformance (DMARC) is an industry-recommended email authentication standard that makes use of SPF and DKIM to authenticate email messages sent from your domain. DMARC exists in your domain’s DNS as a DNS TXT record specifying to receiving servers how they should treat emails that fail authentication (probable spoofing/phishing emails sent by threat actors using your domain name).

However, it isn’t as easy and it appears to be. Simply publishing a DMARC record would not protect you against email fraud, rather it might worsen the situation in case you have incorrectly configured your authentication protocols. For implementing DMARC correctly you need to set up SPF and DKIM for your domain with the correct syntax and policy mode. Furthermore, only a DMARC policy level of enforcement (p=reject/quarantine) can adequately protect your domain against BEC and spoofing.

Keeping all of this in mind, eventually with DMARC you can observe a more than 10% increase in your email deliverability rate and a noticeable decrease in the number of emails landing in the spam folder.

How Can I Properly Configure DMARC to Stop Being Marked as Spam?

You can follow the steps given below to setup DMARC correctly for your domain:

  • Make a note of all authorized sending sources that can send emails on behalf of your domain.
  • Setup SPF for your domain completely free of cost, with PowerDMARC’s free SPF record generator.
  • Configure DKIM for your domain with PowerDMARC’s free DKIM record generator.
  • Configure DMARC for your domain with PowerDMARC’s free DMARC record generator.
  • Lookup and validate your records.
  • Monitor your authentication results and email flow with automatically generated and easy to comprehend DMARC aggregate and forensic reports using our DMARC analyzer tool, so that you can shift from a none policy to DMARC enforcement in no time!

You can find all the record generators in the PowerDMARC toolbox

Additional Recommendations on Stopping Emails Going to Junk Folder

Stay under the SPF hard limit

You may not be aware of this but SPF authentication comes with a DNS lookup limit of 10. Exceeding this limit invalidates your SPF record causing SPF to break and even legitimate emails to fail authentication checks. In such cases, an SPF permerror result is returned if you have enabled DMARC monitoring for your domain. Hence, staying under the SPF 10 DNS Lookup Limit is imperative to ensure your emails reach your recipients’ inboxes and prevent emails going to junk folder.

Report abusive IP addresses

Blacklisting abusive IP addresses that are using your domain name to conduct fraud can be an important step towards ensuring that similar incidents do not take place in the future. Our DMARC analyzer can help your report malicious addresses from all around the world, in real-time, to make sure they can no longer use your domain for fraudulent activities again!

Gain 100% DMARC compliance

Align emails sent via your domain against both SPF and DKIM authentication standards to gain 100% DMARC compliance. This would considerably improve your senders’ reputation over time and minimize the chances of your emails being flagged as spam, thereby minimizing the chances of your emails going to junk folder.

Sign up with PowerDMARC today to get your free DMARC and take the first step towards preventing your emails from going to the junk folder!

Email serves as a critical channel for B2B lead generation and customer communications, but it is also one of the most widely targeted channels for cyberattacks and email fraud scams. Cybercriminals are always innovating their attacks in order to steal more information and financial assets. As organizations continue to fight back with stronger security measures, cybercriminals must constantly evolve their tactics and improve their phishing and spoofing techniques.

In 2021, a drastic increase in the use of machine learning (ML) and artificial intelligence (AI) based phishing attacks that are going undetected by traditional email security solutions have been detected by security researchers from around the world. The main aim of these attacks are to manipulate human behaviour and trick people into performing unauthorized actions – like transferring money to fraudsters’ accounts.

While the threat of email-based attacks and email fraud are always evolving, don’t stay behind. Know the email fraud trends that will take place in the following years in terms of fraudster tactics, tools, and malware. Through this blog post I’ll show you how cybercriminals are developing their tactics, and explain how your business can prevent this kind of email attack from taking place.

Types Of Email Fraud Scams to Beware of in 2021

1. Business Email Compromise (BEC)

COVID-19 has compelled organizations to implement remote-working environments and shift to virtual communication between employees, partners, and customers. While this has a few benefits to list down, the most apparent downside is the alarming rise in BEC over the past year. BEC is a broader term used for referring to email fraud attacks like email spoofing and phishing.

The common idea is that a cyber attacker uses your domain name to send emails to your partners, customers, or employees trying to steal corporate credentials to gain access to confidential assets or initiate wire transfers. BEC has affected more than 70% of organizations over the past year and has led to the loss of billions of dollars worth of company assets.

2. Evolved Email Phishing Attacks

Email phishing attacks have drastically evolved in the past few years although the motive has remained the same, it is the medium to manipulate your trusted partners, employees and clients into clicking on malicious links encapsulated within an email that appears to be sent from you, in order to initiate the installation of malware or credential theft. Evolved email scammers are sending phishing emails that are hard to detect. From writing impeccable subject lines and error-free content to creating fake landing pages with a high level of accuracy, manually tracing their activities have become increasingly difficult in 2021.

3. Man-In-The-Middle

Gone are the days when attackers sent out poorly-written emails that even a layman could identify as fraudulent. Threat actors these days are taking advantage of SMTP security problems like the use of opportunistic encryption in email transactions between two communicating email servers, by eavesdropping on the conversation after successfully rolling back the secured connection to an unencrypted one. MITM attacks like SMTP downgrade and DNS spoofing have been increasingly gaining popularity in 2021.

4. CEO Fraud

CEO fraud refers to the schemes that are being conducted that target high-level executives in order to gain access to confidential information. Attackers do this by taking the identities of actual people such as CEOs or CFOs and sending a message to people at lower levels within the organization, partners and clients, tricking them into giving away sensitive information. This type of attack is also called Business Email Compromise or whaling. In a business setting, some criminals are venturing to create a more believable email, by impersonating the decision-makers of an organization. This allows them to ask for easy money transfers or sensitive information about the company.

5. COVID-19 Vaccine Lures

Security researchers have unveiled that hackers are still trying to capitalize on the fears tied to the COVID-19 pandemic. Recent studies shed light on the cybercriminal mindset, revealing a continued interest in the state of panic surrounding the COVID-19 pandemic and a measurable uptick in phishing and business email compromise (BEC) attacks targeting company leaders. The medium for perpetrating these attacks is a fake COVID-19 vaccine lure that instantly raises interest among email receivers.

How Can You Enhance Email Security?

  • Configure your domain with email authentication standards like SPF, DKIM and DMARC
  • Shift from DMARC monitoring to DMARC enforcement to gain maximum protection against BEC, CEO fraud and evolved phishing attacks
  • Consistently monitor email flow and authentication results from time to time
  • Make encryption mandatory in SMTP with MTA-STS to mitigate MITM attacks
  • Get regular notifications on email delivery issues with details on their root causes with SMTP TLS reporting (TLS-RPT)
  • Mitigate SPF permerror by staying under the 10 DNS lookup limit at all times
  • Help your recipients visually identify your brand in their inboxes with BIMI

PowerDMARC is your single email authentication SaaS platform that assembles all email authentication protocols like SPF, DKIM, MTA-STS, TLS-RPT and BIMI on a single pane of glass. Sign up today to get your free DMARC analyzer! 

All right, you’ve just gone through the whole process of setting up DMARC for your domain. You published your SPF, DKIM and DMARC records, you analysed all your reports, fixed delivery issues, bumped up your enforcement level from p=none to quarantine and finally to reject. You’re officially 100% DMARC-enforced. Congratulations! Now only your emails reach people’s inboxes. No one’s going to impersonate your brand if you can help it.

So that’s it, right? Your domain’s secured and we can all go home happy, knowing your emails are going to be safe. Right…?

Well, not exactly. DMARC is kind of like exercise and diet: you do it for a while and lose a bunch of weight and get some sick abs, and everything’s going great. But if you stop, all those gains you just made are slowly going to diminish, and the risk of spoofing starts creeping back in. But don’t freak out! Just like with diet and exercise, getting fit (ie. getting to 100% enforcement) is the hardest part. Once you’ve done that, you just need to maintain it on that same level, which is much easier.

Okay, enough with the analogies, let’s get down to business. If you’ve just implemented and enforced DMARC on your domain, what’s the next step? How do you continue keeping your domain and email channels secure?

What to Do After Achieving DMARC Enforcement

The #1 reason that email security doesn’t simply end after you reach 100% enforcement is that attack patterns, phishing scams, and sending sources are always changing. A popular trend in email scams often doesn’t even last longer than a couple of months. Think of the WannaCry ransomware attacks in 2018, or even something as recent as the WHO Coronavirus phishing scams in early 2020. You don’t see much of those in the wild right now, do you?

Cybercriminals are constantly changing their tactics, and malicious sending sources are always changing and multiplying, and there’s not much you can do about it. What you can do is prepare your brand for any possible cyberattack that could come at you. And the way to do that is through DMARC monitoring & visibility .

Even after you’re enforced, you still need to be in total control of your email channels. That means you have to know which IP addresses are sending emails through your domain, where you’re having issues with email delivery or authentication, and identify and respond to any potential spoofing attempt or malicious server carrying a phishing campaign on your behalf. The more you monitor your domain, the better you’ll come to understand it. And consequently, the better you’ll be able to secure your emails, your data and your brand.

Why DMARC Monitoring is So Important

Identifying new mail sources
When you monitor your email channels, you’re not just checking to see if everything’s going okay. You’re also going to be looking for new IPs sending emails from your domain. Your organization might change its partners or third party vendors every so often, which means their IPs might become authorized to send emails on your behalf. Is that new sending source just one of your new vendors, or is it someone trying to impersonate your brand? If you analyse your reports regularly, you’ll have a definite answer to that.

PowerDMARC lets you view your DMARC reports according to every sending source for your domain.

Understanding new trends of domain abuse
As I mentioned earlier, attackers are always finding new ways to impersonate brands and trick people into giving them data and money. But if you only ever look at your DMARC reports once every couple of months, you’re not going to notice any telltale signs of spoofing. Unless you regularly monitor the email traffic in your domain, you won’t notice trends or patterns in suspicious activity, and when you are hit with a spoofing attack, you’ll be just as clueless as the people targeted by the email. And trust me, that’s never a good look for your brand.

Find and blacklist malicious IPs
It’s not enough just to find who exactly is trying to abuse your domain, you need to shut them down ASAP. When you’re aware of your sending sources, it’s much easier to pinpoint an offending IP, and once you’ve found it, you can report that IP to their hosting provider and have them blacklisted. This way, you permanently eliminate that specific threat and avoid a spoofing attack.

With Power Take Down, you find the location of a malicious IP, their history of abuse, and have them taken down.

Control over deliverability
Even if you were careful to bring DMARC up to 100% enforcement without affecting your email delivery rates, it’s important to continuously ensure consistently high deliverability. After all, what’s the use of all that email security if none of the emails are making it to their destination? By monitoring your email reports, you can see which ones passed, failed or didn’t align with DMARC, and discover the source of the problem. Without monitoring, it would be impossible to know if your emails are being delivered, let alone fix the issue.

PowerDMARC gives you the option of viewing reports based on their DMARC status so you can instantly identify which ones didn’t make it through.

 

Our cutting-edge platform offers 24×7 domain monitoring and even gives you a dedicated security response team that can manage a security breach for you. Learn more about PowerDMARC extended support.

At first glance, Microsoft’s Office 365 suite seems to be pretty…sweet, right? Not only do you get a whole host of productivity apps, cloud storage, and an email service, but you’re also protected from spam with Microsoft’s own email security solutions. No wonder it’s the most widely adopted enterprise email solution available, with a 54% market share and over 155 million active users. You’re probably one of them, too.

But if a cybersecurity company’s writing a blog about Office 365, there’s got to be something more to it, right? Well, yeah. There is. So let’s talk about what exactly the issue is with Office 365’s security options, and why you really need to know about this.

What Microsoft Office 365 Security is Good At

Before we talk about the problems with it, let’s first quickly get this out of the way: Microsoft Office 365 Advanced Threat Protection (what a mouthful) is quite effective at basic email security. It will be able to stop spam emails, malware, and viruses from making their way into you inbox.

This is good enough if you’re only looking for some basic anti-spam protection. But that’s the problem: low-level spam like this usually doesn’t pose the biggest threat. Most email providers offer some form of basic protection by blocking email from suspicious sources. The real threat—the kind that can make your organization lose money, data and brand integrity—are emails carefully engineered so you don’t realize that they’re fake.

This is when you get into serious cybercrime territory.

What Microsoft Office 365 Can’t Protect You From

Microsoft Office 365’s security solution works like an anti-spam filter, using algorithms to determine if an email is similar to other spam or phishing emails. But what happens when you’re hit with a far more sophisticated attack using social engineering, or targeted at a specific employee or group of employees?

These aren’t your run-of-the-mill spam emails sent out to tens of thousands of people at once. Business Email Compromise (BEC) and Vendor Email Compromise (VEC) are examples of how attackers carefully select a target, learn more information about their organization by spying on their emails, and at a strategic point, send a fake invoice or request via email, asking for money to be transferred or data to be shared.

This tactic, broadly known as spear phishing, makes it appear that email is coming from someone within your own organization, or a trusted partner or vendor. Even under careful inspection, these emails can look very realistic and are nearly impossible to detect, even for seasoned cybersecurity experts.

If an attacker pretends to be your boss or the CEO of your organization and sends you an email, it’s unlikely that you’ll check to see if the email looks genuine or not. This is exactly what makes BEC and CEO fraud so dangerous. Office 365 will not be able to protect you against this sort of attack because these are ostensibly coming from a real person, and the algorithms will not consider it to be a spam email.

How Can You Secure Office 365 Against BEC and Spear Phishing?

Domain-based Message Authentication, Reporting & Conformance, or DMARC, is an email security protocol that uses information provided by the domain owner to protect receivers from spoofed email. When you implement DMARC on your organization’s domain, receiving servers will check each and every email coming from your domain against the DNS records you published.

But if Office 365 ATP couldn’t prevent targeted spoofing attacks, how does DMARC do it?

Well, DMARC functions very differently than an anti-spam filter. While spam filters check incoming email entering your inbox, DMARC authenticates outgoing email sent by your organization’s domain. What this means is that if someone is trying to impersonate your organization and send you phishing emails, as long as you’re DMARC-enforced, those emails will be dumped in the spam folder or blocked entirely.

And get this — it also means that if a cybercriminal was using your trusted brand to send phishing emails, even your customers wouldn’t have to deal with them, either. DMARC actually helps protect your business, too.

But there’s more: Office 365 doesn’t actually give your organization any visibility on a phishing attack, it just blocks spam email. But if you want to properly secure your domain, you need to know exactly who or what is trying to impersonate your brand, and take immediate action. DMARC provides this data, including the IP addresses of abusive sending sources, as well as the number of emails they send. PowerDMARC takes this to the next level with advanced DMARC analytics right on your dashboard.

Learn more about what PowerDMARC can do for your brand.