Posts

Let’s talk about spoofing for a minute. When you hear words like ‘phishing’, ‘business email compromise’ or ‘cybercrime’, what’s the first thing that pops into your head? Most people would think about something along the lines of email security, and chances are, you did, too. And that’s absolutely right: each of the terms I just mentioned is a form of cyberattack, where a criminal uses social engineering and other techniques to gain access to sensitive information and money. Obviously that’s bad, and organizations should do everything they can to protect themselves against it.

But there’s another side to this, one that some organizations simply don’t consider, and it’s one that’s equally important to them. Phishing doesn’t just put you at a higher risk of losing data and money, but your brand stands an equally large chance of losing out, too. In fact, that chance is as high as 63%: that’s how many consumers are likely to stop shopping a brand after just a single unsatisfactory experience.

How Do Email Phishing Attacks Harm Your Brand?

Understanding how phishing can compromise your organization’s systems is fairly straightforward. But the long-term effects of a single cyberattack? Not so much.

Think about it this way. In most cases, a user checking their email is likely going to click on an email from a person or brand they know and trust. If the email looks realistic enough, they wouldn’t even notice the difference between one that’s fake and one that’s not. The email might even have a link leading to a page that looks exactly like your organization’s login portal, where they type in their username and password.

Later on, once they hear that their credit card details and address have been leaked to the public, there’s nowhere to turn to but your organization. After all, it was ‘your email’ that caused the disaster, your lack of security. When your own customers totally lose faith in your brand and its credibility, it can cause huge problems for the optics of your brand. You’re not just the company that got hacked, you’re the company that allowed their data to be stolen through an email you sent.

It’s not hard to see how this could seriously hurt your bottom line in the long run, especially when new, potential customers are turned off by the prospect of being another victim of your emails. Cybercriminals take the trust and loyalty that your customers have in your brand, and actively use it against you. And that’s what makes Business Email Compromise (BEC) so much more than a technical security issue.

What Are Some of the Worst-Hit Industries?

Pharmaceutical companies are some of the most frequently targeted businesses for phishing and cyberattacks. According to a study of Fortune 500 pharmaceutical companies, in just the last 3 months of 2018, each company faced on average 71 email fraud attacks. That’s because drug companies hold valuable intellectual property on new chemicals and pharmaceutical products. If an attacker can steal this information, they can sell it on the black market for a hefty profit.

Construction and real estate companies aren’t too far behind, either. Financial service companies and financial institutions in particular face the constant threat of having sensitive data or large sums of money stolen from them through carefully planned Business as well as Vendor Email Compromise (VEC) attacks. 

All these industries benefit greatly from customers trusting their brands, and their relationship with the brands directly influences their business with the companies. If a consumer were to feel like that company wasn’t capable of keeping their data, money or other assets safe, it would be detrimental to the brand, and sometimes, irreparably so.

Learn more about email security for your specific industry.

How Can You Save Your Brand?

Marketing is all about building your brand image into something that audiences won’t just remember, but associate with quality and reliability. And the first step towards that is by securing your domain.

Cybercriminals spoof your organization’s domain and impersonate your brand, so when they send an email to an unsuspecting user, it will appear like it’s coming from you. Rather than expecting users to identify which emails are real and which ones aren’t (which very often is almost impossible, particularly for the layman), you can instead prevent those emails from entering users’ inboxes entirely.

DMARC is an email authentication protocol that acts like an instruction manual for a receiving email server. Every time an email is sent from your domain, the receiver’s email server checks your DMARC records (published on your DNS), and validates the email. If the email is legitimate, it ‘passes’ DMARC authentication, and gets delivered to the user’s inbox.

If the email is from an unauthorized sender, depending on your DMARC policy, the email can be either sent directly to spam, or even blocked outright.

Learn more about how DMARC works here.

DMARC can almost completely eliminate all spam emails that originate from your domain, because instead of blocking fake emails as they leave your domain, it checks for authenticity as the email arrives at the receiver’s server.

If you’ve already implemented DMARC and are looking for ways to take your brand security even further, there’s Brand Indicators for Message Identification (BIMI). This new email security standard affixes your brand’s logo next to every email from your domain that’s been authenticated by DMARC.

Now, when your customers see an email you’ve sent, they’ll associate your logo with your brand, improving brand recall. And when they see your logo, they’ll learn to only trust emails that have your logo next to them.

Learn more about BIMI here. 

According to Gartner, DMARC is one of the top 10 security projects!

When you’ve been in the cybersecurity space for as long as we have, you start to notice patterns in how some organizations view the purpose of security. A lot of people see cybersecurity measures more as a way to meet compliance standards than to actually secure their digital processes. This is a rather myopic way of looking at it because it fails to properly convey the real-world utility security has.

In a recent article by Gartner, they listed 10 top security projects for 2020-2021. According to security and risk management leaders, these are the most important strategies for organizations to not only mitigate the risk to their brand, but actually drive up their business value. “The key is to prioritize business enablement and reduce risk,” writes Kasey Panetta, “and communicate those priorities effectively to the business.”

Among others, DMARC was listed as one of the most important security measures organizations can leverage for their business. So how does that work exactly? How is it supposed to improve your business value in the long run? Let’s find out.

DMARC is About More Than Just Email

Sure, if we’re going to be technical, then yes. DMARC is an email authentication protocol that helps receiving servers weed out fake emails sent from your domain. But when properly implemented, DMARC is a tool brands can use to build trust, credibility, and authenticity through their digital communications. It’s also a way to ensure that the brand message you’re trying to convey isn’t diluted or dampened by impersonation attempts.

It’s incredibly difficult for the average user to tell when they’re being spoofed, because of how innocuous the emails often look. They can be as simple as asking your customer to log in to your online service to update information, like these massive Office 365 phishing scams that compromised thousands of accounts. Or it could be as complex and carefully orchestrated as the Silent Starling attack of 2019.

DMARC protection isn’t just going to keep the spam email out of your customers’ inboxes. It’s how you’re going to ensure that your customers have the confidence to click on your emails when they see them. Email authentication doesn’t just bring measurable benefits like increased delivery rates, it offers real-world benefits to your brand that go beyond numbers on a graph.

5 Benefits of DMARC for Business | Gartner DMARC

1. Information

This is the most tangible and measurable benefit of DMARC, and it comes in the form of DMARC reports. Once you set up DMARC, you can start receiving reports to your email about which emails failed SPF, DKIM and DMARC.

It also provides other useful information, such as the sender’s IP address, so you can see if they’re an authorized sender or not. You can see what percentage of your emails are being authenticated, which will affect deliverability, and you can check how many emails each IP sends, in case of suspicious activity.

2. Control

When you have information, you also have control. You can see if you’re having delivery issues due to DMARC, in which case you can take immediate action to rectify the problem and boost your email deliverability.

Additionally, if you spot an abusive IP spoofing your domain, you can even contact their hosting provider and have them taken down, eliminating the threat. When you have control over your communication channels, you’re also taking back control of your brand.

3. Security

This is the most obvious benefit of DMARC, since it was created with the intention of securing email senders and receivers from the dangers of phishing. With DMARC, the security benefits are twofold: both your staff and customers are protected from spam.

Attackers that impersonate your boss or CEO send phishing emails to your employees to get them to transfer money or give access to sensitive data. In other cases, they impersonate your brand and send fake emails to customers or the public.

In both scenarios, if the email comes from an unauthorized source, DMARC will identify it, and if you’re 100% DMARC enforced, the email will be automatically rejected.

4. Visibility

DMARC makes it possible to use BIMI (Brand Indicators for Message Identification). This protocol attaches your brand’s logo next to every email you send. If your email is validated by DMARC, the user will see your logo in the inbox.

This is useful for two reasons: brand visibility and customer trust. Not only will users come to recognize and feel familiar with your brand after regularly seeing your logo, but they’ll know that only emails with your logo next to them are genuine.

5. Deliverability

Implementing DMARC tells your email service provider that you’re using a higher level of security than most domains. This will increase your domain’s reputation with the provider, and it will make it less likely for your genuine, authenticated emails to accidentally be marked as spam.

More emails make it to your customers’ inboxes, which means more clicks and engagement. And that never hurt, did it?

The DMARC journey is a carefully tuned process that looks at all aspects of your email usage patterns. Through careful monitoring and analysis, you can go from zero to 100% DMARC enforcement in just a couple of weeks. Here’s how it works.

 

Get in touch with us now to know more or start a free trial in order for us to provide you a fast track path to DMARC enforcement.

 

DMARC UK Provider

All of us at PowerDMARC are proud to announce that we have joined UK Crown Commercial Services G-Cloud 12 framework!

The UK Government’s Digital Marketplace is an online service for public sector organizations looking for services, people and technologies for various digital initiatives. It was created with the objective of making it easier and more cost-effective for public sector bodies in the UK to find and use cloud technology solutions.

Being a DMARC UK SaaS provider

We’ll be part of their G-Cloud framework as a supplier of DMARC authentication and cybersecurity services, listed in the Software-as-a-Service (SaaS) category of G-Cloud.

Learn more about the G-Cloud 12 framework here:

https://www.digitalmarketplace.service.gov.uk/buyers/direct-award/g-cloud/start

https://www.digitalmarketplace.service.gov.uk/g-cloud/services/124488964256084

Proud to be United Kingdom DMARC Analyzer Tool Monitoring Service provider.

PowerDMARC is extending its DMARC Services in France

PowerDMARC, a Delaware-based DMARC and cybersecurity services provider, is announcing their latest partnership with Config, a French IT solutions distributor operating in Paris. A major player in the IT security and network services space in France, Config is looking to expand into the spheres of email security and authentication seeking out the best DMARC services in France.

“Config is one of our first major distributors in Europe,” said Faisal Al Farsi, Co-Founder, and CEO of PowerDMARC. “It’s a big step for us as a growing email authentication platform because France is a very progressive country for pioneering tech in cyberspace. We’re really looking forward to expanding operations there and seeing increased DMARC adoption across Europe as a whole.”

For the last 20 years, Config has been a part of the growth of IT solutions and security in France. They boast a number of established clients that rely on their expertise to secure their network systems, servers and more. One of their hallmarks is providing tailor-made services that are fine-tuned to their clients’ needs, enabling them to act on security incidents quickly and effectively. 

Through this strategic partnership, Config has their sights on DMARC authentication services going big in France and securing their positions as the leading distributor of advanced PowerDMARC technology. By adding PowerDMARC solutions to their already wide array of solutions and implementing DMARC services in France, they’re expected to make an impact in helping businesses both big and small secure their brands against spoofing attacks and email compromise.

Zouhir El Kamel, Founder and CEO of Config, commented on the new partnership. “There’s a lot of ground to be covered,” he said. “French businesses have only begun to recognize the importance of DMARC authentication in the last few years. We already have an established base of operations in France, Switzerland, Morocco and Africa, and that puts us in a good position to help businesses in these countries get the security they need. With PowerDMARC’s platform, we’re confident we can make a difference.”


CONFIG (www.config.fr) is a value-added distributor that supports more than 1000 integrators, editors and resellers in the sale of solutions distributed in the following ecosystems:

  • Security and Cybersecurity
  • Networks
  • Storage
  • Virtualisation and Cloud
  • Video surveillance solutions

Config offers its partners custom-made support through innovative marketing actions that encourage lead generation, skills developed via technical training and certifications (Approved Center ATC), and many differentiating services to develop the activity of suppliers and partners.

Config is headquartered in Paris, France, and now has more than 120 employees and several subsidiaries (Switzerland, Morocco, Tunisia, Algeria, Senegal, Ivory Coast, Sub-Saharan Africa).

 

Breaking Down DMARC Myths

For a lot of people, it’s not immediately clear what DMARC does or how it prevents domain spoofing, impersonation and fraud. This can lead to serious misconceptions about DMARC, how email authentication works, and why it’s good for you. But how do you know what’s right and what’s wrong? And how can you be sure you’re implementing it correctly? 

PowerDMARC is here to the rescue! To help you understand DMARC better, we’ve compiled this list of the top 6 most common misconceptions about DMARC.

Misconceptions about DMARC

1. DMARC is the same as a spam filter

This is one of the most common things people get wrong about DMARC. Spam filters block incoming emails that are delivered to your inbox. These can be suspicious emails sent from anyone’s domain, not just yours. DMARC, on the other hand, tells receiving email servers how to handle outgoing emails sent from your domain. Spam filters like Microsoft Office 365 ATP don’t protect against such cyberattacks. If your domain is DMARC-enforced and the email fails authentication, the receiving server rejects it.

2. Once you set up DMARC, your email is safe forever

DMARC is one of the most advanced email authentication protocols out there, but that doesn’t mean it’s completely self-sufficient. You need to regularly monitor your DMARC reports to make sure emails from authorized sources are not being rejected. Even more importantly, you need to check for unauthorized senders abusing your domain. When you see an IP address making repeated attempts to spoof your email, you need to take action immediately and have them blacklisted or taken down.

3. DMARC will reduce my email deliverability

When you set up DMARC, it’s important to first set your policy to p=none. This means that all your emails still get delivered, but you’ll receive DMARC reports on whether they passed or failed authentication. If during this monitoring period you see your own emails failing DMARC, you can take action to solve the issues. Once all your authorized emails are getting validated correctly, you can enforce DMARC with a policy of p=quarantine or p=reject.

4. I don’t need to enforce DMARC (p=none is enough)

When you set up DMARC without enforcing it (policy of p=none), all emails from your domain—including those that fail DMARC—get delivered. You’ll be receiving DMARC reports but not protecting your domain from any spoofing attempts. After the initial monitoring period (explained above), it’s absolutely necessary to set your policy to p=quarantine or p=reject and enforce DMARC.

5. Only big brands need DMARC

Many smaller organizations believe that it’s only the biggest, most recognizable brands that need DMARC protection. In reality, cybercriminals will use any business domain to launch a spoofing attack. Many smaller businesses typically don’t have dedicated cybersecurity teams, which makes it even easier for attackers to target small and medium-sized organizations. Remember, every organization that has a domain name needs DMARC protection!

6. DMARC Reports are easy to read

We see many organizations implementing DMARC and having the reports sent to their own email inboxes. The problem with this is that DMARC reports come in an XML file format, which can be very difficult to read if you’re not familiar with it. Using a dedicated DMARC platform can not only make your setup process much easier, but PowerDMARC can convert your complex XML files into easy-to-read reports with graphs, charts, and in-depth stats.

 

New Zealand’s top 200 companies and government departments are facing serious DMARC compliance issues, putting them at 36th spot worldwide.

In recent years, many major countries around the world have begun to recognize the importance of email security to prevent phishing attacks. In this climate of rapid change in cybersecurity practices, New Zealand has been lagging behind its peers in its levels of awareness and response to global security trends.

We conducted a study of 332 domains of organizations both in the public and private sectors. Among the domains we surveyed were:

  • Deloitte Top 200 List (2019)
  • New Zealand’s top energy companies
  • Top telecom companies
  • NZ registered banks
  • The New Zealand Government (excluding Crown entities).

By studying their public DNS records and gathering data on their SPF and DMARC statuses, we were able to gather data on how well-protected major New Zealand organizations are against spoofing. You can download our study to find out the details behind these numbers:

  • Only 37 domains, or 11%, had enforced DMARC at a level of quarantine or reject, which is required to stop domain spoofing.
  • Less than 30% of Government domains had implemented DMARC correctly at any level.
  • 14% of organizations observed had invalid SPF records and 4% had invalid DMARC records — many of them had errors in their records, and some even had multiple SPF and DMARC records for the same domain.

Our full study contains an in-depth exploration of the biggest hurdles New Zealand companies face in effectively implementing DMARC.
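The record checks behind figures like these, and the p=none versus p=quarantine/p=reject distinction from the myths list, can be sketched as follows. This is an added example, not the tooling used in the study: it classifies the TXT records published at `_dmarc.<domain>` (passed in as strings, so it runs without DNS access), the sample records are constructed, and the status names are assumptions of this sketch.

```python
VALID_POLICIES = {"none", "quarantine", "reject"}


def parse_tags(record):
    """Split 'v=DMARC1; p=reject; pct=100' into a {tag: value} dict."""
    tags = {}
    for part in record.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags


def audit_dmarc(txt_records):
    """Classify the TXT records found at _dmarc.<domain>.

    Returns (status, detail); status is one of
    missing, invalid, monitoring, partial, enforced.
    """
    # Simplification: only records starting exactly with v=DMARC1 count.
    dmarc = [r.strip() for r in txt_records if r.strip().startswith("v=DMARC1")]
    if not dmarc:
        return "missing", "no DMARC record published"
    if len(dmarc) > 1:
        # RFC 7489: with more than one record, receivers apply no DMARC at all.
        return "invalid", f"{len(dmarc)} DMARC records published for one domain"
    tags = parse_tags(dmarc[0])
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        return "invalid", f"missing or unknown policy p={policy!r}"
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        return "invalid", f"pct={tags['pct']!r} is not a number"
    if not 0 <= pct <= 100:
        return "invalid", f"pct={pct} is outside 0-100"
    if policy == "none":
        note = "" if "rua" in tags else " and no rua address, so no reports either"
        return "monitoring", "failing mail is still delivered" + note
    if pct < 100:
        return "partial", f"p={policy} applied to only {pct}% of failing mail"
    return "enforced", f"p={policy} applied to all failing mail"


# Constructed TXT answers for illustration (example.com is a placeholder).
SAMPLES = {
    "monitoring only": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
    "fully enforced": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
    "partial rollout": ["v=DMARC1; p=quarantine; pct=25"],
    "duplicate records": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
    "no DMARC record": ["v=spf1 -all"],
}

if __name__ == "__main__":
    for label, records in SAMPLES.items():
        print(f"{label:18} -> {audit_dmarc(records)}")
```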