Email serves as a critical channel for B2B lead generation and customer communications, but it is also one of the most widely targeted channels for cyberattacks and email fraud scams. Cybercriminals are always innovating their attacks in order to steal more information and financial assets. As organizations continue to fight back with stronger security measures, cybercriminals must constantly evolve their tactics and improve their phishing and spoofing techniques.

In 2021, security researchers around the world detected a drastic increase in phishing attacks based on machine learning (ML) and artificial intelligence (AI) that go undetected by traditional email security solutions. The main aim of these attacks is to manipulate human behaviour and trick people into performing unauthorized actions, like transferring money to fraudsters’ accounts.

The threat of email-based attacks and email fraud is always evolving, so don’t fall behind. Know the email fraud trends that will take place in the following years in terms of fraudster tactics, tools, and malware. Through this blog post I’ll show you how cybercriminals are developing their tactics, and explain how your business can prevent this kind of email attack from taking place.

Types Of Email Fraud Scams to Beware of in 2021

1. Business Email Compromise (BEC)

COVID-19 has compelled organizations to implement remote-working environments and shift to virtual communication between employees, partners, and customers. While this has its benefits, the most apparent downside is the alarming rise in BEC over the past year. BEC is a broader term used for referring to email fraud attacks like email spoofing and phishing.

The common idea is that a cyber attacker uses your domain name to send emails to your partners, customers, or employees trying to steal corporate credentials to gain access to confidential assets or initiate wire transfers. BEC has affected more than 70% of organizations over the past year and has led to the loss of billions of dollars worth of company assets.

2. Evolved Email Phishing Attacks

Email phishing attacks have drastically evolved in the past few years, although the motive has remained the same: to manipulate your trusted partners, employees and clients into clicking on malicious links encapsulated within an email that appears to be sent from you, in order to initiate the installation of malware or credential theft. Evolved email scammers are sending phishing emails that are hard to detect. From writing impeccable subject lines and error-free content to creating fake landing pages with a high level of accuracy, they have made manually tracing their activities increasingly difficult in 2021.

3. Man-In-The-Middle

Gone are the days when attackers sent out poorly-written emails that even a layman could identify as fraudulent. Threat actors these days are taking advantage of SMTP security problems like the use of opportunistic encryption in email transactions between two communicating email servers, by eavesdropping on the conversation after successfully rolling back the secured connection to an unencrypted one. MITM attacks like SMTP downgrade and DNS spoofing have been increasingly gaining popularity in 2021.

4. CEO Fraud

CEO fraud refers to schemes that target high-level executives in order to gain access to confidential information. Attackers do this by taking the identities of actual people such as CEOs or CFOs and sending a message to people at lower levels within the organization, partners and clients, tricking them into giving away sensitive information. This type of attack is also called Business Email Compromise or whaling. In a business setting, some criminals create a more believable email by impersonating the decision-makers of an organization. This allows them to ask for easy money transfers or sensitive information about the company.

5. COVID-19 Vaccine Lures

Security researchers have unveiled that hackers are still trying to capitalize on the fears tied to the COVID-19 pandemic. Recent studies shed light on the cybercriminal mindset, revealing a continued interest in the state of panic surrounding the COVID-19 pandemic and a measurable uptick in phishing and business email compromise (BEC) attacks targeting company leaders. The medium for perpetrating these attacks is a fake COVID-19 vaccine lure that instantly raises interest among email receivers.

How Can You Enhance Email Security?

  • Configure your domain with email authentication standards like SPF, DKIM and DMARC
  • Shift from DMARC monitoring to DMARC enforcement to gain maximum protection against BEC, CEO fraud and evolved phishing attacks
  • Monitor email flow and authentication results on a regular basis
  • Make encryption mandatory in SMTP with MTA-STS to mitigate MITM attacks
  • Get regular notifications on email delivery issues with details on their root causes with SMTP TLS reporting (TLS-RPT)
  • Mitigate SPF permerror by staying under the 10 DNS lookup limit at all times
  • Help your recipients visually identify your brand in their inboxes with BIMI
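
The 10-lookup limit from the list above can be checked before a record is published. The following is an added example, not PowerDMARC's code or part of the original post: it walks an SPF record and its nested includes and counts the terms that cost a DNS query (include, a, mx, ptr, exists, redirect). The domains and records in ZONE are constructed, and the lookup is simulated with a dict rather than live DNS.

```python
# Added example: count the DNS lookups an SPF record triggers (RFC 7208 limit: 10).
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}
SPF_LOOKUP_LIMIT = 10

# Constructed TXT records for hypothetical domains; a real audit would resolve
# these over DNS instead of reading a dict.
ZONE = {
    "example.com": "v=spf1 include:_spf.mail.example include:crm.example a mx ~all",
    "_spf.mail.example": "v=spf1 include:_a.mail.example include:_b.mail.example ~all",
    "_a.mail.example": "v=spf1 ip4:192.0.2.0/24 ~all",
    "_b.mail.example": "v=spf1 ip4:198.51.100.0/24 exists:%{i}.bl.mail.example ~all",
    "crm.example": "v=spf1 a:out1.crm.example a:out2.crm.example a:out3.crm.example"
                   " mx ptr include:_relay.crm.example -all",
    "_relay.crm.example": "v=spf1 ip4:203.0.113.0/24 -all",
}


def count_spf_lookups(domain, zone, path=()):
    """Return how many DNS-querying terms evaluating `domain`'s SPF record costs."""
    if domain in path:  # include/redirect loop: evaluation would never terminate
        raise ValueError("SPF include loop at " + domain)
    record = zone.get(domain, "")
    if not record.lower().startswith("v=spf1"):
        return 0  # no SPF record here; the include that led here was already counted
    total = 0
    for term in record.split()[1:]:
        term = term.lstrip("+-~?")  # drop the qualifier
        if term.lower().startswith("redirect="):
            total += 1 + count_spf_lookups(term.split("=", 1)[1], zone, path + (domain,))
            continue
        name, _, target = term.partition(":")
        name = name.split("/")[0].lower()  # "mx/24" -> "mx"
        if name in LOOKUP_MECHANISMS:
            total += 1
            if name == "include":  # nested records count against the same budget
                total += count_spf_lookups(target, zone, path + (domain,))
    return total


def audit_spf(domain, zone):
    """Return (lookup_count, verdict); above the limit receivers return permerror."""
    lookups = count_spf_lookups(domain, zone)
    return lookups, "permerror" if lookups > SPF_LOOKUP_LIMIT else "ok"


if __name__ == "__main__":
    for name in ("example.com", "crm.example"):
        print(name, audit_spf(name, ZONE))
```

The top-level record looks small (four mechanisms), but the nested includes push it over the limit, which is how most SPF permerrors arise in practice.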

PowerDMARC is your single email authentication SaaS platform that assembles all email authentication protocols like SPF, DKIM, MTA-STS, TLS-RPT and BIMI on a single pane of glass. Sign up today to get your free DMARC analyzer! 

Encryption is optional in SMTP, which means that emails can be sent in plaintext. Mail Transfer Agent-Strict Transport Security (MTA-STS) is a relatively new standard that enables mail service providers to enforce Transport Layer Security (TLS) to secure SMTP connections, and to specify whether the sending SMTP servers should refuse to deliver emails to MX hosts that do not support TLS. It has been proven to successfully mitigate TLS downgrade attacks and Man-In-The-Middle (MITM) attacks.

Enabling MTA-STS alone is not enough, as you also need an effective reporting mechanism to detect failures in establishing an encrypted channel. SMTP TLS Reporting (TLS-RPT) is a standard that enables the reporting of TLS connectivity issues experienced by applications that send emails, and the detection of misconfigurations. It enables the reporting of email delivery issues that take place when an email isn’t encrypted with TLS.

Easy MTA-STS Implementation with PowerMTA-STS

Implementing MTA-STS is an arduous task that involves a lot of complexities during adoption. From generating policy files and records to maintaining the web server and hosting certificates, it is a long drawn process. PowerDMARC has got you covered! Our hosted MTA-STS services provide the following benefits:

  • Publish your DNS CNAME records with just a few clicks
  • We take the responsibility of maintaining the policy web server and hosting the certificates
  • You can make MTA-STS policy changes instantly and with ease, through the PowerDMARC dashboard, without having to manually make changes to the DNS
  • PowerDMARC’s hosted MTA-STS services are RFC compliant and support the latest TLS standards
  • From generating certificates and MTA-STS policy files to policy enforcement, we help you evade the tremendous complexities involved in adopting the protocol

Why Do Emails Require Encryption in Transit?

Security had to be retrofitted into SMTP in a backward-compatible way, by adding the STARTTLS command to initiate TLS encryption, so in case the client doesn’t support TLS the communication falls back to cleartext. As a result, emails in transit can fall prey to pervasive monitoring attacks like MITM, in which cybercriminals can eavesdrop on your messages, and alter and tamper with information by replacing or deleting the encryption command (STARTTLS), making the communication roll back to plaintext.

This is where MTA-STS comes to the rescue, making TLS encryption mandatory in SMTP. This helps in reducing the threats of MITM, DNS Spoofing and Downgrade attacks.

After successfully configuring MTA-STS for your domain, what you need is an efficient reporting mechanism that would help you detect and respond to issues in email delivery due to problems in TLS encryption at a faster pace. PowerTLS-RPT does exactly that for you!

Receive Reports on Email Delivery Issues with PowerTLS-RPT

TLS-RPT is fully integrated into the PowerDMARC security suite so that as soon as you sign up with PowerDMARC and enable SMTP TLS Reporting for your domain, we take the pain of converting the complicated JSON files containing your reports of email delivery issues, into simple, readable documents that you can go through and understand with ease!

On the PowerDMARC platform, TLS-RPT aggregate reports are generated in two formats for ease of use, better insight, and enhanced user-experience:
  • Aggregate Reports Per Result
  • Aggregate Reports Per Sending Source

Moreover, PowerDMARC’s platform automatically detects and subsequently conveys the issues you are facing, so that you can promptly address and resolve them in no time.

Why Do You Need SMTP TLS Reporting?

In case of failures in email delivery due to issues in TLS encryption, with TLS-RPT you will get notified. TLS-RPT provides enhanced visibility on all your email channels so that you gain better insight on all that is going on in your domain, including messages that are failing to be delivered. Furthermore, it provides in-depth diagnostic reports that enable you to identify and get to the root of the email delivery issue and fix it without any delay.

For getting hands-on knowledge on MTA-STS and TLS-RPT implementation and adoption, view our detailed guide today!

Configure DMARC for your domain with PowerDMARC, and deploy email authentication best practices like SPF, DKIM, BIMI, MTA-STS and TLS-RPT, all under one roof. Sign up for a free DMARC Trial today!

In 1982, when SMTP was first specified, it did not contain any mechanism for providing security at the transport level to secure communications between the mail transfer agents. However, in 1999, the STARTTLS command was added to SMTP, which made it possible to encrypt emails between servers by converting a non-secure connection into a secure one encrypted using the TLS protocol.

However, encryption is optional in SMTP, which means that emails can be sent even in plaintext. Mail Transfer Agent-Strict Transport Security (MTA-STS) is a relatively new standard that gives mail service providers the ability to enforce Transport Layer Security (TLS) to secure SMTP connections, and to specify whether the sending SMTP servers should refuse to deliver emails to MX hosts that do not offer TLS with a reliable server certificate. It has been proven to successfully mitigate TLS downgrade attacks and Man-In-The-Middle (MITM) attacks. SMTP TLS Reporting (TLS-RPT) is a standard that enables the reporting of TLS connectivity issues experienced by applications that send emails, and the detection of misconfigurations. It enables the reporting of email delivery issues that take place when an email isn’t encrypted with TLS. In September 2018 the standard was first documented in RFC 8460.

Why Do Your Emails Require Encryption in Transit?

The primary goal is to improve transport-level security during SMTP communication and ensure the privacy of email traffic. Moreover, encryption of inbound and outbound messages enhances information security, using cryptography to safeguard electronic information. Furthermore, cryptographic attacks such as Man-In-The-Middle (MITM) and TLS Downgrade have been gaining popularity in recent times and have become a common practice among cybercriminals; they can be evaded by enforcing TLS encryption and extending support to secure protocols.

How Is a MITM Attack Launched?

Since encryption had to be retrofitted into SMTP protocol, the upgrade for encrypted delivery has to rely on a STARTTLS command that is sent in cleartext. A MITM attacker can easily exploit this feature by performing a downgrade attack on the SMTP connection by tampering with the upgrade command, forcing the client to fall back to sending the email in plaintext.

After intercepting the communication, a MITM attacker can easily steal the decrypted information and access the content of the email. This is because SMTP, being the industry standard for mail transfer, uses opportunistic encryption, which implies that encryption is optional and emails can still be delivered in cleartext.

How Is a TLS Downgrade Attack Launched?

Since encryption had to be retrofitted into SMTP protocol, the upgrade for encrypted delivery has to rely on a STARTTLS command that is sent in cleartext. A MITM attacker can exploit this feature by performing a downgrade attack on the SMTP connection by tampering with the upgrade command. The attacker can simply replace the STARTTLS with a string that the client fails to identify. Therefore, the client readily falls back to sending the email in plaintext.

In short, a downgrade attack is often launched as a part of a MITM attack, so as to create a pathway for enabling an attack that would not be possible in case of a connection that is encrypted over the latest version of TLS protocol, by replacing or deleting the STARTTLS command and rolling back the communication to cleartext.

Apart from enhancing information security and mitigating pervasive monitoring attacks, encrypting messages in transit also solves multiple SMTP security problems.

Achieving Enforced TLS Encryption of Emails with MTA-STS

If you fail to transport your emails over a secure connection, your data could be compromised or even modified and tampered with by a cyber attacker. Here is where MTA-STS steps in and fixes this issue, enabling safe transit for your emails as well as successfully mitigating cryptographic attacks and enhancing information security by enforcing TLS encryption. Simply put, MTA-STS forces emails to be transferred over a TLS encrypted pathway, and in case an encrypted connection cannot be established the email is not delivered at all, instead of being delivered in cleartext. Furthermore, MTAs store MTA-STS policy files, making it more difficult for attackers to launch a DNS spoofing attack.

MTA-STS offers protection against:

  • Downgrade attacks
  • Man-In-The-Middle (MITM) attacks
  • Multiple SMTP security problems, including expired TLS certificates and lack of support for secure protocols
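
The sender-side decision described above, as an added example (not PowerDMARC's code or part of the original post): it parses an MTA-STS policy in the RFC 8461 key/value format and shows how the same EHLO response without STARTTLS leads to plaintext delivery when no policy exists but to a refusal under mode "enforce". The policy text, hostnames and function names are constructed for illustration, and certificate validation is reduced to a boolean input.

```python
# Added example: how a sending MTA applies an MTA-STS policy (RFC 8461).
# Constructed policy for a hypothetical domain; real senders fetch it over HTTPS
# from https://mta-sts.<domain>/.well-known/mta-sts.txt and cache it for max_age.
POLICY_TEXT = """version: STSv1
mode: enforce
mx: mail.example.com
mx: *.mx.example.net
max_age: 604800
"""


def parse_policy(text):
    """Parse the key/value policy file into a dict; 'mx' may repeat."""
    policy = {"mx": []}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "mx":
            policy["mx"].append(value.lower())
        else:
            policy[key] = value
    if policy.get("version") != "STSv1":
        raise ValueError("unsupported MTA-STS version")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("invalid MTA-STS mode")
    return policy


def mx_allowed(host, patterns):
    """Match an MX host against policy patterns; '*.' covers exactly one label."""
    host = host.lower().rstrip(".")
    for pattern in patterns:
        if pattern.startswith("*."):
            if "." in host and host.split(".", 1)[1] == pattern[2:]:
                return True
        elif host == pattern:
            return True
    return False


def delivery_decision(policy, mx_host, ehlo_extensions, cert_valid):
    """Return 'deliver-tls', 'deliver-plaintext', 'refuse' or '<action>+report'."""
    starttls = "STARTTLS" in {ext.upper() for ext in ehlo_extensions}
    opportunistic = "deliver-tls" if starttls else "deliver-plaintext"
    if policy is None or policy["mode"] == "none":
        return opportunistic  # plain SMTP: a stripped STARTTLS goes unnoticed
    if starttls and cert_valid and mx_allowed(mx_host, policy["mx"]):
        return "deliver-tls"
    if policy["mode"] == "enforce":
        return "refuse"  # mail is held back instead of leaking in cleartext
    return opportunistic + "+report"  # testing: deliver, record a TLS-RPT failure
```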

Major mail service providers such as Microsoft, Oath, and Google support MTA-STS. As the largest industry player, Google takes centre stage when adopting any protocol, and its adoption of MTA-STS indicates the extension of support towards secure protocols and highlights the importance of email encryption in transit.

Troubleshooting Issues in Email Delivery with TLS-RPT

SMTP TLS Reporting provides domain owners with diagnostic reports (in JSON file format) with elaborate details on emails that have been sent to your domain and are facing delivery issues, or couldn’t be delivered due to a downgrade attack or other issues, so that you can fix the problem proactively. As soon as you enable TLS-RPT, compliant Mail Transfer Agents will begin sending diagnostic reports regarding email delivery issues between communicating servers to the designated email domain. The reports are typically sent once a day, covering and conveying the MTA-STS policies observed by senders, traffic statistics as well as information on failure or issues in email delivery.

The need for deploying TLS-RPT:

  • In case an email fails to be sent to your recipient due to any issue in delivery, you will get notified.
  • TLS-RPT provides enhanced visibility on all your email channels so that you gain better insight on all that is going on in your domain, including messages that are failing to be delivered.
  • TLS-RPT provides in-depth diagnostic reports that enable you to identify and get to the root of the email delivery issue and fix it without any delay.
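
What reading such a report involves, as an added example (not PowerDMARC's code or part of the original post): it aggregates a TLS-RPT JSON report by result type and by sending source, using the field names defined in RFC 8460. The report itself is constructed sample data for a hypothetical domain, and the function name is an assumption.

```python
# Added example: summarise a TLS-RPT aggregate report (RFC 8460 JSON schema).
import json
from collections import Counter

# Constructed report for a hypothetical domain; real ones arrive daily at the
# address published in the _smtp._tls TXT record, usually gzip-compressed.
REPORT_JSON = """
{"organization-name": "Sender Corp (constructed)",
 "report-id": "2021-01-01T00:00:00Z_example.com",
 "date-range": {"start-datetime": "2021-01-01T00:00:00Z",
                "end-datetime": "2021-01-01T23:59:59Z"},
 "policies": [{
   "policy": {"policy-type": "sts", "policy-domain": "example.com"},
   "summary": {"total-successful-session-count": 5326,
               "total-failure-session-count": 303},
   "failure-details": [
     {"result-type": "certificate-expired", "sending-mta-ip": "192.0.2.10",
      "receiving-mx-hostname": "mail.example.com", "failed-session-count": 100},
     {"result-type": "starttls-not-supported", "sending-mta-ip": "192.0.2.10",
      "receiving-mx-hostname": "mail.example.com", "failed-session-count": 200},
     {"result-type": "starttls-not-supported", "sending-mta-ip": "198.51.100.7",
      "receiving-mx-hostname": "mail.example.com", "failed-session-count": 3}]}]}
"""


def summarize_tls_report(report_text):
    """Aggregate failed sessions per result type and per sending source."""
    report = json.loads(report_text)
    per_result, per_source = Counter(), Counter()
    ok = failed = 0
    for entry in report.get("policies", []):
        summary = entry.get("summary", {})
        ok += summary.get("total-successful-session-count", 0)
        failed += summary.get("total-failure-session-count", 0)
        for detail in entry.get("failure-details", []):
            count = detail.get("failed-session-count", 0)
            per_result[detail.get("result-type", "unknown")] += count
            per_source[detail.get("sending-mta-ip", "unknown")] += count
    return {
        "successful": ok,
        "failed": failed,
        "per_result": dict(per_result),
        "per_source": dict(per_source),
        # An MX that normally offers STARTTLS but is reported as not supporting
        # it is worth checking for the downgrade described earlier.
        "starttls_missing": per_result.get("starttls-not-supported", 0),
    }


if __name__ == "__main__":
    print(summarize_tls_report(REPORT_JSON))
```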

Adopting MTA-STS and TLS-RPT Made Easy and Speedy by PowerDMARC

MTA-STS requires an HTTPS-enabled web server with a valid certificate, DNS records, and constant maintenance. PowerDMARC makes your life a whole lot easier by handling all of that for you, completely in the background. From generating certificates and MTA-STS policy files to policy enforcement, we help you evade the tremendous complexities involved in adopting the protocol. Once we help you set it up with just a few clicks, you never even have to think about it again.

With the help of PowerDMARC’s Email Authentication Services, you can deploy Hosted MTA-STS at your organization without the hassle and at a very speedy pace, with the help of which you can enforce emails to be sent to your domain over a TLS encrypted connection, thereby making your connection secure and keeping MITM attacks at bay.

PowerDMARC makes your life easier by making the process of implementation of SMTP TLS Reporting (TLS-RPT) easy and speedy, at your fingertips! As soon as you sign up with PowerDMARC and enable SMTP TLS Reporting for your domain, we take the pain of converting the complicated JSON files containing your reports of email delivery issues, into simple, readable documents (per result and per sending source), that you can go through and understand with ease! PowerDMARC’s platform automatically detects and subsequently conveys the issues you are facing in email delivery, so that you can promptly address and resolve them in no time!

Sign up to get your free DMARC today!