Let’s talk about spoofing for a minute. When you hear words like ‘phishing’, ‘business email compromise’ or ‘cybercrime’, what’s the first thing that pops into your head? Most people would think of something along the lines of email security, and chances are, you did, too. And that’s absolutely right: each of the terms I just mentioned is a form of cyberattack in which a criminal uses social engineering and other techniques to gain access to sensitive information and money. Obviously that’s bad, and organizations should do everything they can to protect themselves against it.

But there’s another side to this, one that some organizations simply don’t consider, and it’s equally important to them. Phishing doesn’t just put you at a higher risk of losing data and money; your brand stands an equally large chance of losing out, too. In fact, that chance is as high as 63%: that’s how many consumers are likely to stop shopping with a brand after just a single unsatisfactory experience.

How Do Email Phishing Attacks Harm Your Brand?

Understanding how phishing can compromise your organization’s systems is fairly straightforward. But the long-term effects of a single cyberattack? Not so much.

Think about it this way. In most cases, a user checking their email is likely going to click on an email from a person or brand they know and trust. If the email looks realistic enough, they wouldn’t even notice the difference between one that’s fake and one that’s not. The email might even have a link leading to a page that looks exactly like your organization’s login portal, where they type in their username and password.

Later on, once they hear that their credit card details and address have been leaked to the public, there’s nowhere to turn to but your organization. After all, it was ‘your email’ that caused the disaster, your lack of security. When your own customers totally lose faith in your brand and its credibility, it can cause huge problems for the optics of your brand. You’re not just the company that got hacked, you’re the company that allowed their data to be stolen through an email you sent.

It’s not hard to see how this could seriously hurt your bottom line in the long run, especially when new, potential customers are turned off by the prospect of being another victim of your emails. Cybercriminals take the trust and loyalty that your customers have in your brand, and actively use it against you. And that’s what makes Business Email Compromise (BEC) so much more than a technical security issue.

What Are Some of the Worst-Hit Industries?

Pharmaceutical companies are some of the most frequently targeted businesses for phishing and cyberattacks. According to a study of Fortune 500 pharmaceutical companies, in just the last 3 months of 2018, each company faced on average 71 email fraud attacks. That’s because drug companies hold valuable intellectual property on new chemicals and pharmaceutical products. If an attacker can steal this information, they can sell it on the black market for a hefty profit.

Construction and real estate companies aren’t too far behind, either. Financial service companies and financial institutions in particular face the constant threat of having sensitive data or large sums of money stolen from them through carefully planned Business Email Compromise (BEC) as well as Vendor Email Compromise (VEC) attacks.

All these industries benefit greatly from customers trusting their brands, and their relationship with the brands directly influences their business with the companies. If a consumer were to feel like that company wasn’t capable of keeping their data, money or other assets safe, it would be detrimental to the brand, and sometimes, irreparably so.

How Can You Save Your Brand?

Marketing is all about building your brand image into something that audiences won’t just remember, but associate with quality and reliability. And the first step towards that is by securing your domain.

Cybercriminals spoof your organization’s domain and impersonate your brand, so when they send an email to an unsuspecting user, it will appear like it’s coming from you. Rather than expecting users to identify which emails are real and which ones aren’t (which very often is almost impossible, particularly for the layman), you can instead prevent those emails from entering users’ inboxes entirely.

DMARC is an email authentication protocol that acts like an instruction manual for a receiving email server. Every time an email is sent from your domain, the receiver’s email server looks up your DMARC record (published in your DNS) and validates the email against it. If the email is legitimate, it ‘passes’ DMARC authentication and gets delivered to the user’s inbox.

If the email is from an unauthorized sender, depending on your DMARC policy, the email can be either sent directly to spam, or even blocked outright.

DMARC can almost completely eliminate fake emails that claim to come from your domain, because rather than trying to block them as they leave your domain, it has the receiving server check each email’s authenticity as it arrives.

If you’ve already implemented DMARC and are looking for ways to take your brand security even further, there’s Brand Indicators for Message Identification (BIMI). This new email security standard affixes your brand’s logo next to every email from your domain that’s been authenticated by DMARC.

Now, when your customers see an email you’ve sent, they’ll associate your logo with your brand, improving brand recall. And when they see your logo, they’ll learn to only trust emails that have your logo next to them.

When you’re in the cybersecurity space for as long as we’ve been, you start to notice patterns in how some organizations view the purpose of security. A lot of people see cybersecurity measures more as a way to meet compliance standards than to actually secure their digital processes. This is a rather myopic way of looking at it, because it fails to properly convey the real-world utility security has.

In a recent article by Gartner, they listed 10 top security projects for 2020-2021. According to security and risk management leaders, these are the most important strategies for organizations to not only mitigate the risk to their brand, but actually drive up their business value. “The key is to prioritize business enablement and reduce risk,” writes Kasey Panetta, “and communicate those priorities effectively to the business.”

Among others, DMARC was listed as one of the most important security measures organizations can leverage for their business. So how does that work exactly? How is it supposed to improve your business value in the long run? Let’s find out.

DMARC is About More Than Just Email

Sure, if we’re going to be technical, then yes. DMARC is an email authentication protocol that helps receiving servers weed out fake email sent from your domain. But when properly implemented, DMARC is a tool brands can use to build trust, credibility and authenticity through their digital communications. It’s also a way to ensure that the brand message you’re trying to convey isn’t diluted or dampened by impersonation attempts.

It’s incredibly difficult for the average user to tell when they’re being spoofed, because of how innocuous the emails often look. They can be as simple as asking your customer to log in to your online service to update information, like these massive Office 365 phishing scams that compromised thousands of accounts. Or it could be as complex and carefully orchestrated as the Silent Starling attack of 2019.

DMARC protection isn’t just going to keep the spam email out of your customers’ inboxes. It’s how you’re going to ensure that your customers have the confidence to click on your emails when they see them. Email authentication doesn’t just bring measurable benefits like increased delivery rates, it offers real-world benefits to your brand that go beyond numbers on a graph.

5 Benefits of DMARC for Business

1. Information

This is the most tangible and measurable benefit of DMARC, and it comes in the form of DMARC reports. Once you set up DMARC, you can start receiving reports by email about which emails failed SPF, DKIM and DMARC.

It also provides other useful information, such as the sender’s IP address, so you can see if they’re an authorized sender or not. You can see what percentage of your emails are being authenticated, which will affect deliverability, and you can check how many emails each IP sends, in case of suspicious activity.

2. Control

When you have information, you also have control. You can see if you’re having delivery issues due to DMARC, in which case you can take immediate action to rectify the problem and boost your email deliverability.

Additionally, if you spot an abusive IP spoofing your domain, you can even contact their hosting provider and have them taken down, eliminating the threat. When you have control over your communication channels, you’re also taking back control of your brand.

3. Security

This is the most obvious benefit of DMARC, since it was created with the intention of securing email senders and receivers from the dangers of phishing. With DMARC, the security benefits are twofold: both your staff and customers are protected from spam.

Attackers that impersonate your boss or CEO send phishing emails to your employees to get them to transfer money or give access to sensitive data. In other cases, they impersonate your brand and send fake emails to customers or the public.

In both scenarios, if the email comes from an unauthorized source, DMARC will identify it, and if you’re 100% DMARC enforced, the email will be automatically rejected.

4. Visibility

DMARC makes it possible to use BIMI (Brand Indicators for Message Identification). This protocol attaches your brand’s logo next to every email you send. If your email is validated by DMARC, the user will see your logo in the inbox.

This is useful for two reasons: Brand visibility, and Customer trust. Not only will users come to recognize and feel familiar with your brand after regularly seeing your logo, but they’ll know that only emails with your logo next to them are genuine.

5. Deliverability

Implementing DMARC tells receiving email providers that you’re using a higher level of security than most domains. This improves your domain’s reputation with those providers and makes it less likely for your genuine, authenticated emails to be accidentally marked as spam.

More emails make it to your customers’ inboxes, which means more clicks and engagement. And that never hurt, did it?

The DMARC journey is a carefully tuned process that looks at all aspects of your email usage patterns. Through careful monitoring and analysis, you can go from zero to 100% DMARC enforcement in just a couple of weeks. Here’s how it works.

Get in touch with us now to learn more, or start a free trial so we can provide you with a fast-track path to DMARC enforcement.

All of us at PowerDMARC are proud to announce that we have joined UK Crown Commercial Services G-Cloud 12 framework!

The UK Government’s Digital Marketplace is an online service for public sector organizations looking for services, people and technologies for various digital initiatives. It was created with the objective of making it easier and more cost-effective for public sector bodies in the UK to find and use cloud technology solutions.

We’ll be part of their G-Cloud framework as a supplier of DMARC authentication and cybersecurity services, listed in the Software-as-a-Service (SaaS) category of G-Cloud.

Learn more about the G-Cloud 12 framework here:

https://www.digitalmarketplace.service.gov.uk/buyers/direct-award/g-cloud/start

https://www.digitalmarketplace.service.gov.uk/g-cloud/services/124488964256084

PowerDMARC, a Delaware-based DMARC and cybersecurity services provider, is announcing their latest partnership with Config, a French IT solutions distributor operating in Paris. A major player in the IT security and network services space in France, Config is looking to expand into the spheres of email security and authentication.

“Config is one of our first major distributors in Europe,” said Faisal Al Farsi, Co-Founder and CEO of PowerDMARC. “It’s a big step for us as a growing email authentication platform, because France is a very progressive country for pioneering tech in cyberspace. We’re really looking forward to expanding operations there and seeing increased DMARC adoption across Europe as a whole.”

For the last 20 years, Config has been a part of the growth of IT solutions and security in France. They boast a number of established clients that rely on their expertise to secure their network systems, servers and more. One of their hallmarks is providing tailor-made services that are fine-tuned to their clients’ needs, enabling them to act on security incidents quickly and effectively. 

Through this strategic partnership, Config has its sights set on DMARC authentication services taking off in France and on securing its position as the leading distributor of advanced PowerDMARC technology. By adding PowerDMARC solutions to their already wide array of offerings, they’re expected to make an impact in helping businesses both big and small secure their brands against spoofing attacks and email compromise.

Zouhir El Kamel, Founder and CEO of Config, commented on the new partnership. “There’s a lot of ground to be covered,” he said. “French businesses have only begun to recognize the importance of DMARC authentication in the last few years. We already have an established base of operations in France, Switzerland, Morocco and Africa, which puts us in a good position to help businesses in these countries get the security they need. With PowerDMARC’s platform, we’re confident we can make a difference.”

CONFIG (www.config.fr) is a value-added distributor that supports more than 1000 integrators, software publishers and resellers in selling solutions across the following ecosystems: Security and Cybersecurity; Networks; Storage; Virtualisation and Cloud; Video protection solutions.

Config offers its partners custom-made support through innovative marketing actions that encourage lead generation, skills developed through technical training and certifications (Approved Center, ATC), and a range of differentiating services to grow the business of suppliers and partners.

Config is headquartered in Paris, France, and now has more than 120 employees and several subsidiaries (Switzerland, Morocco, Tunisia, Algeria, Senegal, Ivory Coast, Sub-Saharan Africa).

When it comes to cybercrime and security threats, Business Email Compromise (BEC) is the big daddy of email fraud. It’s the type of attack most organizations are the least prepared for, and one they’re most likely to get hit by. Over the past 3 years, BEC has cost organizations over $26 billion. And it can be shockingly easy to execute.

BEC attacks involve the attacker impersonating a senior executive at the organization and sending emails to a newly hired employee, often in the finance department. They request fund transfers or payments of fake invoices which, if executed well enough, can convince a less experienced employee to initiate the transaction.

You can see why BEC is such a huge problem among major organizations. It’s difficult to monitor the activities of all your employees, and the less experienced ones are more prone to falling for an email that seems to be coming from their boss or CFO. When organizations asked us what the most dangerous cyberattack they needed to watch out for was, our answer was always BEC.

That is, until Silent Starling.

Organized Cybercrime Syndicate

The so-called Silent Starling is a group of Nigerian cybercriminals with a history in scams and fraud going as far back as 2015. In July 2019, they engaged with a major organization, impersonating the CEO of one of their business partners. The email asked for a sudden, last minute change in bank details, requesting an urgent wire transfer.

Thankfully, they discovered the email was fake before any transaction occurred, but in the ensuing investigation, the disturbing details of the group’s methods came to light.

In what’s now being called Vendor Email Compromise (VEC), the attackers launch a significantly more elaborate and organized attack than typically happens in conventional BEC. The attack has 3 separate, intricately planned-out phases that require a lot more effort than most BEC attacks. Here’s how it works.

VEC: How to Defraud a Company in 3 Steps

Step 1: Breaking in

The attackers first gain access to the email account of one or more individuals at the organization. This is a carefully orchestrated process: they find out which companies lack DMARC-authenticated domains, since these are easy targets to spoof. They then gain access by sending employees a phishing email that leads to a fake login page and stealing their login credentials. Now they have complete access to the inner workings of the organization.

Step 2: Collecting information

This second step is like a stakeout phase. The criminals can now read confidential emails, and use this to keep an eye out for employees involved in processing payments and transactions. The attackers identify the target organization’s biggest business partners and vendors. They gather information about the inner workings of the organization — things like billing practices, payment terms, and even what official documents and invoices look like.

Step 3: Taking action

With all this intelligence collected, the scammers create an extremely realistic email and wait for the right opportunity to send it (usually just before a transaction is about to take place). The email is targeted at the right person at the right time, and is coming through a genuine company account, which makes it next to impossible to identify.

By perfectly coordinating these 3 steps, Silent Starling were able to compromise their target organization’s security systems and nearly managed to steal tens of thousands of dollars. They were among the first to try such an elaborate cyberattack, and unfortunately, they’ll certainly not be the last.

I Don’t Want to Be a Victim of VEC. What Do I Do?

The really scary thing about VEC is that even if you’ve managed to discover it before the scammers could steal any money, it does not mean no damage has been done. The attackers still managed to get complete access to your email accounts and internal communications, and were able to get a detailed understanding of how your company’s finances, billing systems and other internal processes work. Information, especially sensitive information like this, leaves your organization completely exposed, and the attacker could always attempt another scam.

So what can you do about it? How are you supposed to prevent a VEC attack from happening to you?

1. Protect your email channels

One of the most effective ways to stop email fraud is to not even let the attackers begin Step 1 of the VEC process. You can stop cybercriminals from gaining initial access by simply blocking the phishing emails they use to steal your login credentials.

The PowerDMARC platform lets you use DMARC authentication to stop attackers from impersonating your brand and sending phishing emails to your own employees or business partners. It shows you everything going on in your email channels, and instantly alerts you when something goes wrong.

2. Educate your staff

One of the biggest mistakes even larger organizations make is not investing a little more time and effort in giving their workforce background knowledge of common online scams, how they work, and what to look out for.

It can be very difficult to tell the difference between a real email and a well-crafted fake one, but there are often many tell-tale signs that even someone not highly trained in cybersecurity could identify.

3. Establish policies for business over email

A lot of companies just take email for granted, without really thinking about the inherent risks in an open, unmoderated communication channel. Instead of trusting each correspondence implicitly, act with the assumption that the person on the other end isn’t who they claim to be.

If you need to complete any transaction or share confidential information with them, you can use a secondary verification process. This could be anything from calling the partner to confirm, to having another person authorize the transaction.

Attackers are always finding new ways to compromise business email channels. You can’t afford to be unprepared.

For a lot of people, it’s not immediately clear what DMARC does or how it prevents domain spoofing, impersonation and fraud. This can lead to serious misconceptions about DMARC, how email authentication works, and why it’s good for you. But how do you know what’s right and what’s wrong? And how can you be sure you’re implementing it correctly? 

PowerDMARC is here to the rescue! To help you understand DMARC better, we’ve compiled this list of the top 6 most common misconceptions about DMARC.

1. DMARC is the same as a spam filter

This is one of the most common things people get wrong about DMARC. A spam filter blocks suspicious incoming email before it reaches your inbox, and that email can come from anyone’s domain, not just yours. DMARC, on the other hand, tells receiving email servers how to handle email that claims to be sent from your domain. Spam filters like Microsoft Office 365 ATP don’t protect your domain from being spoofed in this way. If your domain is DMARC-enforced and the email fails authentication, the receiving server rejects it.

2. Once you set up DMARC, your email is safe forever

DMARC is one of the most advanced email authentication protocols out there, but that doesn’t mean it’s completely self-sufficient. You need to regularly monitor your DMARC reports to make sure emails from authorized sources are not being rejected. Even more importantly, you need to check for unauthorized senders abusing your domain. When you see an IP address making repeated attempts to spoof your email, you need to take action immediately and have them blacklisted or taken down.

3. DMARC will reduce my email deliverability

When you set up DMARC, it’s important to first set your policy to p=none. This means that all your emails still get delivered, but you’ll receive DMARC reports on whether they passed or failed authentication. If during this monitoring period you see your own emails failing DMARC, you can take action to solve the issues. Once all your authorized emails are getting validated correctly, you can enforce DMARC with a policy of p=quarantine or p=reject.

4. I don’t need to enforce DMARC (p=none is enough)

When you set up DMARC without enforcing it (policy of p=none), all emails from your domain—including those that fail DMARC—get delivered. You’ll be receiving DMARC reports but not protecting your domain from any spoofing attempts. After the initial monitoring period (explained above), it’s absolutely necessary to set your policy to p=quarantine or p=reject and enforce DMARC.
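To make the DMARC check described earlier concrete, here is an added example (not code from PowerDMARC or the original post) that parses a _dmarc TXT record and works out the result and disposition for one message under the p=none and p=quarantine/p=reject policies of misconceptions 3 and 4. It assumes the caller already knows the organizational domain of the From: address (a real receiver derives it from the public suffix list) and ignores the pct tag, i.e. the policy applies to all mail; the record strings and AuthResult inputs are constructed.

```python
from dataclasses import dataclass


@dataclass
class AuthResult:
    """One underlying check as the receiver saw it: the domain SPF checked
    (MAIL FROM) or the DKIM d= tag, and whether that check passed."""
    domain: str
    passed: bool


def parse_dmarc_record(txt: str) -> dict:
    """Split a _dmarc TXT record into its tags and fill in RFC 7489 defaults."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a usable DMARC record: " + txt)
    tags.setdefault("sp", tags["p"])   # subdomain policy defaults to p
    tags.setdefault("adkim", "r")      # relaxed DKIM alignment
    tags.setdefault("aspf", "r")       # relaxed SPF alignment
    tags.setdefault("pct", "100")      # parsed but not applied in this example
    return tags


def aligned(auth_domain: str, from_domain: str, org_domain: str, mode: str) -> bool:
    """Identifier alignment. Strict ("s") needs an exact match with the
    From: domain; relaxed ("r") only needs the same organizational domain."""
    auth_domain = auth_domain.lower()
    if mode == "s":
        return auth_domain == from_domain.lower()
    return auth_domain == org_domain or auth_domain.endswith("." + org_domain)


def evaluate(record: str, from_domain: str, org_domain: str,
             spf: AuthResult, dkim: AuthResult):
    """Return (dmarc_result, disposition) for one message.

    org_domain is the organizational domain of from_domain, supplied by the
    caller (assumption: no public suffix list lookup here); the record is
    assumed to be the one published at _dmarc.<org_domain>.
    """
    tags = parse_dmarc_record(record)
    org_domain = org_domain.lower()
    spf_ok = spf.passed and aligned(spf.domain, from_domain, org_domain, tags["aspf"])
    dkim_ok = dkim.passed and aligned(dkim.domain, from_domain, org_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return "pass", "none"          # either aligned check passing is enough
    # Failing mail: p covers the organizational domain itself, sp its subdomains.
    policy = tags["p"] if from_domain.lower() == org_domain else tags["sp"]
    return "fail", policy


# Constructed records for the two stages the post describes: monitoring first,
# then enforcement with strict alignment and a separate subdomain policy.
MONITOR_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"
ENFORCE_RECORD = "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=s"

if __name__ == "__main__":
    # A spoofed message: SPF passed for the attacker's own domain, no valid DKIM.
    spoof = (AuthResult("attacker.example", True), AuthResult("attacker.example", False))
    print(evaluate(MONITOR_RECORD, "example.com", "example.com", *spoof))  # ('fail', 'none')
    print(evaluate(ENFORCE_RECORD, "example.com", "example.com", *spoof))  # ('fail', 'reject')
```

Under p=none the spoofed message fails DMARC but is still delivered, which is exactly why the monitoring period has to end with a move to quarantine or reject.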

5. Only big brands need DMARC

Many smaller organizations believe that only the biggest, most recognizable brands need DMARC protection. In reality, cybercriminals will use any business’s domain to launch a spoofing attack. Many smaller businesses don’t have dedicated cybersecurity teams, which makes it even easier for attackers to target small and medium-size organizations. Remember, every organization that has a domain name needs DMARC protection!

6. DMARC Reports are easy to read

We see many organizations implementing DMARC and having the reports sent to their own email inboxes. The problem is that DMARC reports arrive as XML files, which can be very difficult to read if you’re not familiar with the format. A dedicated DMARC platform not only makes the setup process much easier; PowerDMARC also converts your complex XML files into easy-to-read reports with graphs, charts and in-depth stats.
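As an added illustration of what those XML files contain and of the per-IP information the “Information” benefit above describes, here is an example (not PowerDMARC’s code) that rolls up a constructed DMARC aggregate report, laid out as in RFC 7489 Appendix C, into volume, pass rate and receiver action per sending IP. The report contents and the 192.0.2.x / 198.51.100.x addresses are constructed documentation values.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the RFC 7489 Appendix C aggregate-report layout,
# trimmed to the elements this summary uses. Source IPs are RFC 5737
# documentation addresses, not real senders.
SAMPLE_REPORT = """<?xml version="1.0"?>
<feedback>
  <report_metadata>
    <org_name>receiver.example</org_name>
    <report_id>constructed-0001</report_id>
    <date_range><begin>1609459200</begin><end>1609545600</end></date_range>
  </report_metadata>
  <policy_published>
    <domain>example.com</domain><adkim>r</adkim><aspf>r</aspf>
    <p>reject</p><sp>reject</sp><pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>192.0.2.10</source_ip><count>120</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
  <record>
    <row>
      <source_ip>192.0.2.10</source_ip><count>3</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
  <record>
    <row>
      <source_ip>198.51.100.7</source_ip><count>45</count>
      <policy_evaluated><disposition>reject</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
</feedback>
"""


def summarize_report(xml_text: str) -> dict:
    """Roll a rua report up per source IP: volume, DMARC passes and what the
    receiver did with the failures. A row passes DMARC when either of the
    aligned checks recorded in policy_evaluated passed."""
    root = ET.fromstring(xml_text)
    per_ip = defaultdict(lambda: {"total": 0, "passed": 0,
                                  "rejected": 0, "quarantined": 0})
    for rec in root.iter("record"):
        row = rec.find("row")
        ev = row.find("policy_evaluated")
        count = int(row.findtext("count"))
        stats = per_ip[row.findtext("source_ip")]
        stats["total"] += count
        if "pass" in (ev.findtext("dkim"), ev.findtext("spf")):
            stats["passed"] += count
        elif ev.findtext("disposition") == "reject":
            stats["rejected"] += count
        elif ev.findtext("disposition") == "quarantine":
            stats["quarantined"] += count
    total = sum(s["total"] for s in per_ip.values())
    passed = sum(s["passed"] for s in per_ip.values())
    return {
        "domain": root.findtext("policy_published/domain"),
        "policy": root.findtext("policy_published/p"),
        "reporter": root.findtext("report_metadata/org_name"),
        "total": total,
        "pass_rate": round(100.0 * passed / total, 1) if total else 0.0,
        "sources": dict(per_ip),
        # IPs whose mail never passed: either someone spoofing the domain or
        # a legitimate sender whose SPF/DKIM was never set up.
        "never_passed": sorted(ip for ip, s in per_ip.items() if s["passed"] == 0),
    }
```

In the sample, 192.0.2.10 is a healthy authorized source (one row passes on DKIM alone, which is enough), while 198.51.100.7 never passes and had all 45 messages rejected under the published p=reject policy.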