Posted by Rolf Woodward

Title slide from my presentation on Phishing, Spear Phishing and Whaling.

Cyber criminals have known about this flaw in email (nothing in the protocol itself proves who really sent a message) and have been exploiting it for years. In fact, 91% of cybercrime begins with an email, Deloitte reported in 2023. One form of email attack is phishing, one of the oldest email security risks and often jokingly referred to in terms of Nigerian Prince scams. These days phishing is the practice of impersonating a well-known and established brand to trick recipients into clicking a malicious link or downloading an attachment infected with malware. The criminals also try to trick people into paying altered invoices that carry different bank details. It is easy money for these criminal groups because they can send out mass campaigns for very little cost, yielding returns from thousands to millions of pounds per campaign depending on the scale. We hear of businesses falling victim to these attacks in the press daily.

So how do we protect our businesses and our brands?

The email industry created SPF and DKIM to attempt to close some of these gaps. SPF lets a domain publish in DNS which servers are allowed to send mail for it, so a receiving server can check that the connecting IP is authorised for the envelope sender (Return-Path) domain. DKIM adds a cryptographic signature over selected headers and the body under a key published by the signing domain, so the receiver can verify that the message was sent by that domain and has not been altered en route. The problem with having only these two protocols is that neither is tied to the From: address the recipient actually sees, and the recipient still does not know what to do with an email that fails either check. That is where DMARC comes in. DMARC, a protocol created in 2012, requires that the domain which passed SPF or DKIM aligns with the domain in the From: header, and tells receiving mail servers how to handle mail using your domain that fails that test. If a message has not come from one of your trusted senders, ideally your policy should instruct them to reject it. DMARC also generates feedback reports (aggregate reports, plus optional failure reports) which you can use to find problems with your SPF and DKIM settings and to see when someone is attempting to use your domains for malicious purposes.
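As an added example (not code from the post or the slide deck), the following Python sketches the check a receiving mail server performs for one message: it parses the domain owner's DMARC TXT record, tests whether the SPF or DKIM result aligns with the From: header domain under the record's adkim/aspf modes, and returns the disposition the policy asks for. The record, domain names and results are constructed, and the organisational-domain lookup is simplified to the last two labels where a real implementation uses the Public Suffix List.

```python
# Added example, not code from the post: DMARC evaluation for one message.
# Constructed domains; org_domain() is a simplification (real code uses the
# Public Suffix List so that e.g. example.co.uk is handled correctly).


def parse_dmarc(txt):
    """Parse a DMARC TXT record ("v=DMARC1; p=reject; ...") into tag -> value."""
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a valid DMARC1 record: %r" % txt)
    # Defaults per RFC 7489: relaxed alignment for both identifiers,
    # subdomain policy (sp) inherits p, and pct applies to 100% of mail.
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    tags.setdefault("sp", tags["p"])
    tags.setdefault("pct", "100")
    return tags


def org_domain(domain):
    """Organisational domain, approximated as the last two labels (assumption)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """Identifier alignment: 's' needs an exact match, 'r' the same org domain."""
    if not auth_domain:
        return False
    a, b = from_domain.lower().rstrip("."), auth_domain.lower().rstrip(".")
    return a == b if mode == "s" else org_domain(a) == org_domain(b)


def dmarc_disposition(record, from_domain, spf_result, spf_domain, dkim_result, dkim_domain):
    """Return (dmarc_pass, action) for one message.

    from_domain : domain of the RFC5322.From header the user sees
    spf_domain  : envelope sender (Return-Path) domain SPF was checked against
    dkim_domain : d= tag of a signature that verified ("" if none verified)
    """
    policy = parse_dmarc(record)
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, policy["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain, policy["adkim"])
    if spf_ok or dkim_ok:
        return True, "none"
    # The record here is assumed to be published at from_domain itself; a receiver
    # that had to fall back to the organisational domain's record applies sp instead.
    return False, policy["p"]


# Constructed record: strict DKIM alignment, relaxed SPF alignment, reject on failure.
RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-rua@example.com; adkim=s; aspf=r"

if __name__ == "__main__":
    # Legitimate bulk mail: SPF passes for a bounce subdomain, relaxed alignment is fine.
    print(dmarc_disposition(RECORD, "example.com", "pass", "bounces.example.com", "fail", ""))
    # Spoof: the attacker's own SPF and DKIM pass, but for attacker.example, not the From: domain.
    print(dmarc_disposition(RECORD, "example.com", "pass", "attacker.example", "pass", "attacker.example"))
    # Strict DKIM: a signature from mail.example.com does not align under adkim=s, and SPF failed.
    print(dmarc_disposition(RECORD, "example.com", "fail", "attacker.example", "pass", "mail.example.com"))
```

The second case is the point of DMARC: an attacker can always make SPF and DKIM pass for a domain they control, so the receiver has to check that the authenticated domain is the one in the From: header, and the third case shows why adkim=s needs every signing host to use exactly the From: domain.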

Increasingly, as businesses implement additional inbound email protection (something every business should be doing), cyber criminals are instead focusing on using those businesses' domains to attack their supply chains and customers.

The visibility DMARC reporting gives into what a business's domain(s) are being used for is therefore valuable in protecting its brand.
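The reports behind that visibility are XML aggregate reports that receiving providers mail to the rua= address in your DMARC record. As an added example (not from the post), here is a constructed report for example.com and a small Python parser that ranks sending sources by volume and separates the ones failing DMARC, noting which domains their raw SPF or DKIM did pass for: that is the clue that distinguishes a vendor you have not yet authorised from an outright spoof. The report, IPs and domains are all made up.

```python
# Added example, not code from the post: triaging a DMARC aggregate report.
# SAMPLE_REPORT is a constructed RFC 7489-style report; all IPs and domains are
# made up. Real reports arrive as gzip/zip attachments, one per reporting provider.
import xml.etree.ElementTree as ET

SAMPLE_REPORT = """<?xml version="1.0" encoding="UTF-8"?>
<feedback>
  <report_metadata>
    <org_name>mailbox-provider.example</org_name>
    <report_id>constructed-0001</report_id>
    <date_range><begin>1714521600</begin><end>1714607999</end></date_range>
  </report_metadata>
  <policy_published>
    <domain>example.com</domain><adkim>r</adkim><aspf>r</aspf><p>reject</p><pct>100</pct>
  </policy_published>
  <record>  <!-- your own mail servers: both checks pass and align -->
    <row><source_ip>198.51.100.10</source_ip><count>1200</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <dkim><domain>example.com</domain><result>pass</result></dkim>
      <spf><domain>example.com</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>  <!-- a CRM vendor sending on your behalf but authenticating as its own domain -->
    <row><source_ip>203.0.113.7</source_ip><count>35</count>
      <policy_evaluated><disposition>reject</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <dkim><domain>crm-vendor.example</domain><result>pass</result></dkim>
      <spf><domain>crm-vendor.example</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>  <!-- a spoofer forging your envelope domain from an unauthorised IP -->
    <row><source_ip>192.0.2.99</source_ip><count>840</count>
      <policy_evaluated><disposition>reject</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <spf><domain>example.com</domain><result>fail</result></spf>
    </auth_results>
  </record>
</feedback>
"""


def summarise(report_xml):
    """Return (reporting org, policy domain, rows) with rows sorted by volume.

    Each row carries ip, count, disposition, a verdict, and raw_pass: the domains
    for which SPF or DKIM passed regardless of alignment with the From: domain."""
    root = ET.fromstring(report_xml)
    org = root.findtext("report_metadata/org_name")
    domain = root.findtext("policy_published/domain")
    rows = []
    for rec in root.findall("record"):
        row, pe = rec.find("row"), rec.find("row/policy_evaluated")
        dmarc_pass = "pass" in (pe.findtext("dkim"), pe.findtext("spf"))
        raw_pass = sorted({a.findtext("domain") for a in rec.findall("auth_results/*")
                           if a.findtext("result") == "pass"})
        if dmarc_pass:
            verdict = "pass"
        elif raw_pass:
            verdict = "unaligned"        # authenticated, but for another domain: vendor or forwarder to sort out
        else:
            verdict = "unauthenticated"  # nothing passed at all: almost certainly spoofing
        rows.append({"ip": row.findtext("source_ip"), "count": int(row.findtext("count")),
                     "disposition": pe.findtext("disposition"), "verdict": verdict,
                     "raw_pass": raw_pass})
    rows.sort(key=lambda r: r["count"], reverse=True)
    return org, domain, rows


def pass_rate(rows):
    """Fraction of reported messages that passed DMARC (by count, not by row)."""
    total = sum(r["count"] for r in rows)
    return sum(r["count"] for r in rows if r["verdict"] == "pass") / total if total else 0.0


if __name__ == "__main__":
    org, domain, rows = summarise(SAMPLE_REPORT)
    print(f"{org} report for {domain}: {pass_rate(rows):.1%} of mail passed DMARC")
    for r in rows:
        print(f"{r['ip']:>15} {r['count']:>6} {r['disposition']:<10} {r['verdict']:<15} {r['raw_pass']}")
```

Read this way, the report tells you two different things: 203.0.113.7 needs a conversation with the vendor (add their sending IPs to your SPF and have them sign with a DKIM key under your domain), while 192.0.2.99 is exactly the abuse a p=reject policy exists to stop.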

What should all businesses be doing to protect themselves?

  • Implement Advanced Inbound Email Protection Something that not only checks the SPF, DKIM and DMARC results of incoming email but also scans attachments and links for malicious content. If you can catch these emails before they reach the recipient, there is less risk of your systems being compromised. Standard email filters do not provide enough of a defence against the volume of attacks going on.
  • Implement DMARC Ensure every system that sends mail for your business is properly authorised (listed in your SPF record and/or signing with DKIM under your domain, so that it aligns with your From: address), then set your policy so that any email that does not pass is rejected (p=reject). Start at p=none with reporting switched on and tighten the policy only once the reports show your legitimate senders passing.
  • End User Awareness Training No matter how good your protection is, something will eventually get through. The cyber criminals are continually honing their attacks, so good end user training is vital. Teach your end users to question whether an email is legitimate and how to check. Create a culture where everyone is vigilant and can report suspicious emails. Your end users are your last line of defence.
  • Implement MTA-STS & TLS-RPT Mail between servers is normally encrypted only opportunistically with STARTTLS, which an attacker on the path can strip, and the receiving server's certificate is usually not validated. MTA-STS lets you publish a policy (a DNS record plus a policy file served over HTTPS) stating that mail to your domain must be delivered over TLS, with a valid certificate, and only to your listed MX hosts; a sending server that honours the policy will refuse to deliver in the clear or to an impostor MX. TLS-RPT gives senders an address to report TLS failures to, so you find out when delivery to your domain is being downgraded or blocked by a misconfiguration. Together they also help you demonstrate compliance with standards that require email to be encrypted in transit. MTA-STS and DMARC complement each other: MTA-STS protects the connection between mail servers from interception and modification, while DMARC protects the From: domain in the message from spoofing. Note that MTA-STS is a transport protection only: it does not filter spam or malware, and it does not stop a phisher who delivers over perfectly valid TLS from their own server.
  • Implement BIMI BIMI links a verified logo image to a domain that has implemented SPF, DKIM and DMARC. It requires DMARC at enforcement (p=quarantine with pct=100, or p=reject), and most mailbox providers that display the logo, Gmail and Apple Mail among them, also require a Verified Mark Certificate (VMC) proving you own the trademarked logo. BIMI is worth doing for several reasons. First, it increases brand recognition, as your logo appears consistently beside your mail across platforms and devices. Second, it helps recipients identify the source of a message, as the logo is a visual cue that the message passed authentication for your domain. Third, it raises the bar for email fraud, because the logo is only shown when a message passes your DMARC policy, so an attacker cannot get it displayed on a spoofed message.
  • Implement Apple Business Connect Similar to BIMI, Apple provides a free service that enables businesses not only to put themselves on Apple Maps but also to register their brand, supporting branded mail within the Apple ecosystem. http://businessconnect.apple.com/
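Taking the MTA-STS and TLS-RPT item above a step further, here is an added example (not from the post) in Python of the three things a domain owner publishes, with constructed hostnames and addresses for example.com, and of the decision a sending server that honours the policy makes for one candidate MX: it parses the policy file, matches the MX host against the listed patterns (a leading "*." covers exactly one label, per RFC 8461), and in enforce mode refuses delivery when STARTTLS is missing, the certificate does not validate, or the MX is not listed. The DNS fetch, HTTPS fetch and TLS handshake themselves are left out; their outcomes are passed in as arguments.

```python
# Added example, not code from the post. Hostnames and addresses are constructed.
#
# What example.com publishes:
#   _mta-sts.example.com.    TXT  "v=STSv1; id=20240501T120000"   (change id whenever the policy changes)
#   _smtp._tls.example.com.  TXT  "v=TLSRPTv1; rua=mailto:tls-reports@example.com"
#   https://mta-sts.example.com/.well-known/mta-sts.txt  serving POLICY_TEXT over valid HTTPS

POLICY_TEXT = """version: STSv1
mode: enforce
mx: mail1.example.com
mx: *.mx.example.com
max_age: 604800
"""


def parse_policy(text):
    """Parse an MTA-STS policy file into a dict; mx patterns are collected in a list."""
    policy = {"mx": []}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "mx":
            policy["mx"].append(value.lower().rstrip("."))
        else:
            policy[key] = value
    if policy.get("version") != "STSv1":
        raise ValueError("unsupported policy version")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("invalid mode")
    if "max_age" not in policy:
        raise ValueError("max_age is required")
    policy["max_age"] = int(policy["max_age"])
    if policy["mode"] != "none" and not policy["mx"]:
        raise ValueError("policy must list at least one mx")
    return policy


def mx_matches(policy, mx_host):
    """True if mx_host is covered by the policy. '*.x' matches exactly one label."""
    host = mx_host.lower().rstrip(".")
    for pattern in policy["mx"]:
        if pattern.startswith("*."):
            suffix = pattern[1:]                                    # ".mx.example.com"
            head = host[:-len(suffix)] if host.endswith(suffix) else ""
            if head and "." not in head:
                return True
        elif host == pattern:
            return True
    return False


def deliver_decision(policy, mx_host, starttls_offered, cert_valid_for_mx):
    """Sending-side decision for one MX: 'deliver', 'refuse', or
    'deliver-and-report' (testing mode: deliver anyway, but send a TLS-RPT failure)."""
    if policy["mode"] == "none":
        return "deliver"                                            # policy switched off
    if mx_matches(policy, mx_host) and starttls_offered and cert_valid_for_mx:
        return "deliver"
    return "refuse" if policy["mode"] == "enforce" else "deliver-and-report"


def parse_tlsrpt(txt):
    """Return the report destinations (rua=) from a TLS-RPT TXT record."""
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "TLSRPTv1" or "rua" not in tags:
        raise ValueError("not a TLSRPTv1 record")
    return [u.strip() for u in tags["rua"].split(",")]


if __name__ == "__main__":
    pol = parse_policy(POLICY_TEXT)
    print(deliver_decision(pol, "mail1.example.com", True, True))    # deliver
    print(deliver_decision(pol, "mail1.example.com", False, False))  # refuse: STARTTLS stripped
    print(deliver_decision(pol, "mx.attacker.example", True, True))  # refuse: MX not in policy
    print(parse_tlsrpt("v=TLSRPTv1; rua=mailto:tls-reports@example.com"))
```

Start in mode: testing so that TLS-RPT reports show you any sender that would be refused, then switch to enforce once they are clean; the one-label wildcard rule matters because a policy of *.example.com would not cover a host like eu.mx.example.com.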

Email cyber defence is a continuously changing environment that requires admins to be vigilant and to react to the new threats posed by cyber criminals. Having a reliable DMARC provider in place to protect your domain(s) and report back on what is happening is vital for safeguarding your business. A comprehensive email filtering system should also be in place, along with solid air-gapped backups of all your data. Finally, continuous end user training is perhaps the most important factor to consider. Much cyber crime is rooted in psychology, so your end users need to know how to protect themselves.

Further Information

Slide Deck