Categories
Uncategorized

ProDMARC – Mastering email security with DMARC

We all know the greatest way for hackers to access our networks is through phishing attacks and email phishing scams. If a single user clicks on any malicious email attachment, ransomware, crypto-jacking, data leaks or privilege escalation vulnerabilities may compromise an entire enterprise. To try to minimize these opportunities, a variety of security protocols have been invented over the years.

This is particularly needed today when a lot of us are working from home and need all the security we can for our email.

The good news is that you now have options for implementing enhanced security protocols that will shield you from malicious emails for a long time. Perhaps better, whether you are the recipient or the sender, these enhanced protocols will shield you.

The different solutions are actually very complementary to each other. Chances are high that all three of them will be needed by the average business. The three solutions are:

  • Sender Policy Framework (SPF), which hardens your DNS servers and limits who can send email on behalf of your domain.
  • DomainKeys Identified Mail (DKIM), which guarantees that your email content remains trustworthy and has not been manipulated or compromised.
  • Domain-based Message Authentication, Reporting and Conformance (DMARC), which links the first two protocols together with a consistent set of policies.

What is SPF?

The Sender Policy Framework (SPF) hardens your DNS servers and limits who can send emails from your domain. SPF can prevent spoofing of domains. It helps the receiving mail server determine whether a message really was sent from the domain it claims to come from. SPF has three key elements: a policy structure, as the name suggests; a system of authentication; and specialized headers that express this information in the actual email itself.

What is DKIM?

DomainKeys Identified Mail (DKIM) guarantees that your email content remains trusted and has not been manipulated or compromised. It was first proposed in 2007 and has been revised on many occasions, most recently last month with IETF standard 8301. SPF and DKIM were both revised in 2014 to the IETF standard 7372.

What is DMARC?

Domain-based Message Authentication, Reporting, and Conformance (DMARC) connects the first two protocols together with a standard set of policies. It also ties the domain name of the sender to what is specified in the From header, and it gives senders better reporting from mail recipients. It was proposed in 2015 as IETF standard 7489.

Not only for recipients, DMARC protects the outgoing emails for senders in businesses too. A sender address is allocated to outgoing messages by the client application; outgoing email servers have no way of knowing whether the sender address is legitimate or spoofed.

Recipient servers and email anti-phishing tools like DMARC can help detect and filter the spoofed messages.

Reasons for these protocols

Phishing attack prevention is a part of the explanation for the three different protocols. It has to do with the fact that each one solves a very different piece of the email puzzle. This is done by a combination of standard authentication and encryption tools, such as signing public and private keys and inserting unique DNS records to authenticate emails from your domains.

The evolution of the Internet email protocols themselves is another reason. It was mainly used by university researchers back in the early days of the Internet, where everyone knew the other’s name and trusted each other. Unfortunately, those days are long gone.

The message headers (such as the To:, From: and Bcc: addresses) were intentionally isolated from the actual message content itself. This was a feature. But for IT administrators of the modern age, the separation has brought new worlds of pain.

If your email infrastructure implements all three protocols properly, you can be sure that messages cannot be easily forged and that you can block forgeries from ever darkening the inboxes of your users.

Some complications…

Let’s look at the complicating factors.

First are the disappointing surveys on usage. While a Google survey showed that some form of security was used by 85 percent of the emails received in its Gmail infrastructure, that is not true for the average corporate email user. A consultancy study by a leading email analytics and deliverability platform analyzed 21,000 of the top global domains and found that just 20 percent had implemented two of the three protocols. This agrees with another study, which indicates that DMARC is properly implemented by just 15 percent of the F500, although that figure has doubled from a year ago.

Next, it is not easy to set up DMARC, and the implementation is prone to operator error. For example, for SPF and DMARC email protection to work, you have to set it up for every domain and subdomain you own. The configuration can become repetitive very quickly if your organization runs a lot of domains or subdomains, and you have to make sure that the correct DNS entries protect every subdomain as well.

If you are using Google for your email, they have instructions about DKIM and how to create your domain key. If you are using cPanel to administer your domain, they have suggestions about how to configure the different DNS records. When you think you are done, you can use an online tool to verify that your email headers contain the appropriate DKIM keys.

Although there are resources to support it, it will take very advanced skills to get it configured. Even your corporate DNS guru might not be familiar with the commands needed by each protocol, since they are not commonly used and their syntax can be difficult to get exactly right. Setting up the protocols in a particular order can help.

All your email-consuming apps need to be monitored. You will not know how many different parts of your own infrastructure communicate with your email system when you first begin implementing these protocols.

Why are authentication protocols so important?

Many organizations think that a perfect way to serve their clients is by sending them bulk emails. Bulk emails containing significant service changes, recall notices, upgrade alerts, and other essential business details are efficient ways to keep clients up-to-date about how they will continue to profit from your business. Legitimate telemarketers seeking to hit their client targets with useful sales details are other organizations invested in sending bulk emails.

Unfortunately, as phishing attacks and spam emails are constantly growing, many organizations take an over-protective role in terms of incoming emails, particularly if they appear to be part of a mass mailing. This can contribute to the sending of significant, legitimate emails to spam folders where they will remain unread, or be fully rejected.

Several email providers, including Google and Microsoft, are applying these protocols in their filtering methods. It is expected that this will go a long way towards strengthening a safe and secure email environment. Setting up the records these protocols require means logging in to your domain registrar and configuring your DNS settings.

This might need the help of technical professionals. If your in-house IT team is unprepared to handle this, contact any professional help you have an agreement with, or consult a managed IT service provider for assistance. ProgIST believes in protecting both your and your clients’ email rights and privacy. ProDMARC helps you implement email authentication with DMARC to stop fraudsters from misusing your domain. Get started with top-class cybersecurity solutions for your business at ProgIST.

What is DKIM & Its Best Practices?

DKIM stands for DomainKeys Identified Mail and is used for the authentication of an email that is being sent. It is an email security standard designed to make sure messages are not altered in transit between the sending and recipient servers.

It uses public-key cryptography to sign email with a private key as it leaves a sending server. Recipient servers then use a public key published to a domain’s DNS to verify the source of the message, and that the body of the message has not changed during transit. Once the signature is verified with the public key by the recipient server, the message passes DKIM and is considered authentic.

Difference between DomainKey & DKIM

DomainKeys is a deprecated email authentication system designed by Yahoo to verify the domain name of an email sender and the message integrity. Aspects of DomainKeys (DK), along with parts of Cisco’s Identified Internet Mail (IIM), were combined to create DKIM (DomainKeys Identified Mail), which provides more security and flexibility.

What are the DKIM best practices?

Key Length: Use a minimum of a 1024-bit key length to increase key complexity. This is because shorter keys, such as 512-bit, have a higher vulnerability and can be cracked within 72 hours using inexpensive cloud services.

Rotation: Keys should be rotated at least twice per year to reduce the period of time the key could be maliciously used to compromise the integrity of email.

Monitoring: To be able to monitor how receivers are accepting email signed with DKIM, it is recommended to implement DMARC with a “p=none” policy (also referred to as “monitoring mode”). Use DNS to monitor how frequently keys are queried. DMARC standardizes how email receivers perform email authentication using the well-known SPF and DKIM mechanisms.

Hashing Standards: Deprecate the use of SHA1 for hashing and move to SHA256.

Third Party Mailers: Organizations should engage with anyone that sends mail on their behalf to ensure that the third-party vendor (i.e., their email service provider) complies with these best practices.

Points to keep in mind while creating DKIM Key

  • Make sure that the sending systems you use support DKIM.
  • Make sure that the emails are DKIM signed.
  • Make sure that the signing domain aligns with the “From” domain.
  • Make sure that you use a DKIM key size over 1024 bits (a 2048-bit key is advisable).
  • Make sure, where possible, that the DKIM selectors you choose closely identify the sending service so you can distinguish between them.
  • Make sure to revoke any keys that have been compromised.
  • Make sure that the DKIM keys you manage are rotated on a regular basis.
  • Make sure that the DKIM key syntax is correct.
  • Make sure that there exists a public key for each corresponding private key that signs your email
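
Several of the checks above (key size, revoked keys, key syntax, SHA1-only keys) can be run against the published key record itself. The following Python sketch is an added example, not ProDMARC's or any DKIM library's code; the finding labels and the `constructed_key_record` helper, which builds a syntactically valid record around a made-up modulus that is not a usable key, are assumptions for illustration.

```python
import base64

def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                        # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus_bits(der):
    """Bit length of the RSA modulus inside a SubjectPublicKeyInfo blob."""
    tag, spki, _ = _read_tlv(der, 0)         # outer SEQUENCE
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    _, _, pos = _read_tlv(spki, 0)           # AlgorithmIdentifier, skipped
    tag, bitstr, _ = _read_tlv(spki, pos)    # BIT STRING wrapping RSAPublicKey
    if tag != 0x03:
        raise ValueError("missing BIT STRING")
    _, rsa_key, _ = _read_tlv(bitstr, 1)     # index 0 is the unused-bits octet
    tag, modulus, _ = _read_tlv(rsa_key, 0)  # INTEGER n
    if tag != 0x02:
        raise ValueError("missing modulus")
    return int.from_bytes(modulus, "big").bit_length()

def audit_dkim_key(txt):
    """Return (modulus_bits or None, findings) for one DKIM key TXT record."""
    tags = {}
    for part in txt.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    if tags.get("v", "DKIM1") != "DKIM1" or "p" not in tags:
        return None, ["syntax-error"]
    if tags["p"] == "":
        return None, ["revoked"]             # an empty p= marks a revoked key
    findings = []
    hashes = tags.get("h")                   # optional list of accepted hash algorithms
    if hashes and "sha256" not in hashes.split(":"):
        findings.append("sha1-only")
    if tags.get("k", "rsa") != "rsa":
        return None, findings                # non-RSA key: size check does not apply
    try:
        bits = rsa_modulus_bits(base64.b64decode(tags["p"], validate=True))
    except (ValueError, IndexError):         # bad base64 or truncated/garbled DER
        return None, findings + ["syntax-error"]
    if bits < 1024:
        findings.append("key-too-short")
    elif bits < 2048:
        findings.append("below-advised-2048")
    return bits, findings

def _der(tag, value):
    """Encode one DER element (used only to build the constructed samples)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

def constructed_key_record(bits):
    """Constructed sample: valid record syntax around a made-up modulus, not a usable key."""
    n_bytes = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading 0x00 keeps n positive
    alg = _der(0x30, _der(0x06, bytes.fromhex("2a864886f70d010101")) + _der(0x05, b""))
    key = _der(0x30, _der(0x02, n_bytes) + _der(0x02, b"\x01\x00\x01"))
    spki = _der(0x30, alg + _der(0x03, b"\x00" + key))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()

if __name__ == "__main__":
    for label, record in [("2048-bit", constructed_key_record(2048)),
                          ("1024-bit", constructed_key_record(1024)),
                          ("512-bit", constructed_key_record(512)),
                          ("revoked", "v=DKIM1; k=rsa; p=")]:
        print(label, audit_dkim_key(record))
```

In practice the record passed to `audit_dkim_key` would be the TXT value published at `<selector>._domainkey.<domain>` for each selector in use.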

What is SPF & Its Best Practices?

What is SPF?

The Sender Policy Framework (SPF) is an email-authentication technique which defines a way to validate whether an email was sent from an authorized mail server in order to prevent spam. SPF allows the receiving mail server to check whether a mail claiming to come from a specific domain is submitted by an IP address authorized by that domain’s administrators. Together with the DMARC related information, this gives the receiver (or receiving systems) information on how trustworthy the origin of an email is. The list of authorized sending hosts and IP addresses for a domain is published in the DNS (Domain Name Service) records for that domain.

What does SPF do?

Suppose a spammer forges a hotmail.com address and tries to spam you. They connect from somewhere other than Hotmail. When his message is sent, you see MAIL FROM: , but you don’t have to take his word for it. You can ask Hotmail if the IP address comes from their network. (In this example) Hotmail publishes an SPF record. That record tells you (your computer) how to find out if the sending machine is allowed to send mail from Hotmail. If Hotmail says they recognize the sending machine, it passes, and you can assume the sender is who they say they are. If the message fails SPF tests, it’s a forgery. That’s how you can tell it’s probably a spammer.

What are the best practices for SPF?

Evaluating an SPF record should not require more than 10 DNS lookups. If your record needs more than ten lookups, a permanent error could be returned during the SPF authentication process. DMARC treats that as a fail, since all SPF permanent errors are interpreted as fail by DMARC.
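
The lookup budget is easy to exceed once third-party `include:` chains are nested. The following Python sketch is an added example, not code from ProDMARC or any SPF library: it counts the lookup-causing terms (`include`, `a`, `mx`, `ptr`, `exists`, `redirect`) across a record and everything it pulls in. The zone data is constructed, and the count is a static worst case (a real evaluator stops at the first matching mechanism).

```python
# Constructed SPF TXT records standing in for live DNS; every name is an example.
ZONE = {
    "example.com": "v=spf1 mx a include:_spf.mailer.example "
                   "include:_spf.crm.example include:_spf.helpdesk.example ~all",
    "_spf.mailer.example": "v=spf1 include:_a.mailer.example include:_b.mailer.example ~all",
    "_a.mailer.example": "v=spf1 ip4:192.0.2.0/24 ~all",
    "_b.mailer.example": "v=spf1 ip4:198.51.100.0/24 a:relay.mailer.example ~all",
    "_spf.crm.example": "v=spf1 mx a:out.crm.example exists:%{i}.allow.crm.example ~all",
    "_spf.helpdesk.example": "v=spf1 redirect=_spf.mailer.example",
    # The same sender set with address ranges listed directly instead of nested includes.
    "slim.example": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.0/24 mx include:_a.mailer.example ~all",
}

# Mechanisms that make the receiver issue a DNS query; ip4, ip6 and all do not.
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}


class SPFPermError(Exception):
    """Conditions a receiver reports as an SPF permanent error."""


def parse_term(term):
    """Split one SPF term into (name, domain argument), dropping qualifier and CIDR."""
    term = term.lstrip("+-~?")
    if term.lower().startswith("redirect="):
        return "redirect", term[len("redirect="):]
    name, _, arg = term.partition(":")
    return name.split("/")[0].lower(), arg.split("/")[0]


def count_lookups(domain, zone, path=()):
    """Worst-case number of DNS-querying terms needed to evaluate domain's SPF record."""
    if domain in path:
        raise SPFPermError(f"include loop at {domain}")
    record = zone.get(domain)
    if record is None or not record.lower().startswith("v=spf1"):
        raise SPFPermError(f"no SPF record for {domain}")
    total = 0
    for term in record.split()[1:]:
        name, arg = parse_term(term)
        if name in LOOKUP_MECHANISMS or name == "redirect":
            total += 1
        if name in ("include", "redirect"):
            # The included record's own lookups count against the same budget.
            total += count_lookups(arg, zone, path + (domain,))
    return total


def audit_spf(domain, zone, limit=10):
    """Return (lookup count or None, verdict) for the domain's published SPF record."""
    try:
        n = count_lookups(domain, zone)
    except SPFPermError as exc:
        return None, f"permerror ({exc})"
    return n, ("permerror (too many DNS lookups)" if n > limit else "ok")


if __name__ == "__main__":
    for name in ("example.com", "slim.example"):
        print(name, audit_spf(name, ZONE))
```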

SPF was the first email authentication scheme to achieve widespread adoption, but it’s not the only one out there. SPF authentication is most effective when deployed in combination with other anti-fraud techniques such as DMARC.

What Does DMARC Do That SPF Doesn’t?

Adversaries commonly conduct social engineering and spear phishing attacks against organisations using fake emails. By modifying the sender’s address, or other parts of an email header to appear as though the email originated from an intended source, an adversary can increase the likelihood of their target complying with a request, such as opening a malicious attachment or disclosing information.

Organisations can reduce the likelihood of their domains being used to support fake emails by implementing Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC) records in their Domain Name System (DNS) configuration.

SPF, DKIM and DMARC records are publicly visible indicators of good cyber hygiene. The public can query a DNS server and see whether an organisation has SPF, DKIM and/or DMARC protection.

SPF Stands for Sender Policy Framework

SPF is an email verification system designed to detect fake emails. As a sender, a domain owner publishes SPF records in DNS to indicate which mail servers are allowed to send emails for their domains.

When an SPF-enabled mail server receives email, it verifies the sending mail server’s identity against the published SPF record. If the sending mail server is not listed as an authorized sender in the SPF record, verification will fail.

SPF ‘from’ header weakness

SPF has a known weakness. Mail servers applying SPF policies check the RFC5321.MailFrom header (commonly called the ‘envelope from header’), while email clients typically display the RFC5322.From header (commonly called the ‘message/letter from header’) to users as the source of an email.

Adversaries are aware of this weakness and use it to bypass SPF checks by using a domain they control in the envelope from header, and the domain they wish to spoof (but don’t control) in the message/letter from header.

DMARC addresses this weakness by checking that these two headers align.

Domain-based Message Authentication, Reporting and Conformance (DMARC)

DMARC enables domain owners to advise recipient mail servers of policy decisions that should be made when handling inbound emails claiming to come from the owner’s domain.

DMARC’s alignment feature prevents spoofing of the “header from” address by:

  • Matching the “header from” domain name with the “envelope from” domain name used during an SPF check, and
  • Matching the “header from” domain name with the “d= domain name” in the DKIM signature.

To pass DMARC, a message must pass SPF authentication and SPF alignment, and/or DKIM authentication and DKIM alignment.

A message will fail DMARC if the message fails both (1) SPF or SPF alignment and (2) DKIM or DKIM alignment.

DMARC allows senders to instruct email providers on how to handle unauthenticated mail via a DMARC policy, removing any guesswork on how they should handle messages that fail DMARC authentication. Domain owners can request that recipients:

  • Allow, quarantine, or reject emails that fail SPF and DKIM verification
  • Collect statistics and notify the domain owner of emails falsely claiming to be from their domain
  • Notify the domain owner how many emails are passing and failing email authentication checks
  • Send the domain owner data extracted from a failed email, such as header information and web addresses from the email body
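
The pass/fail rule and the SPF ‘from’ header weakness described above can be seen in a receiver-side evaluation. The following Python sketch is an added example, not ProDMARC's code or any mail server's implementation; the message dictionaries and domain names are constructed. It assumes the organizational domain is the last two labels of a name, where real receivers consult the Public Suffix List.

```python
def domain_of(address):
    """Domain part of an email address, lower-cased."""
    return address.rsplit("@", 1)[-1].strip().lower().rstrip(".")


def org_domain(domain):
    # ASSUMPTION: organizational domain = last two labels. Real receivers use
    # the Public Suffix List so that names such as example.co.uk work.
    return ".".join(domain.split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') needs the same organizational domain."""
    if mode == "s":
        return from_domain == auth_domain
    return org_domain(from_domain) == org_domain(auth_domain)


def parse_dmarc(txt):
    """Parse a DMARC TXT record into tags, with relaxed alignment as the default."""
    tags = {"adkim": "r", "aspf": "r"}
    for part in txt.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a usable DMARC record")
    return tags


def evaluate(msg, record_txt):
    """Apply the DMARC rule: pass if SPF passes and aligns, or DKIM passes and aligns."""
    policy = parse_dmarc(record_txt)
    from_domain = domain_of(msg["header_from"])
    spf_ok = msg["spf"] == "pass" and aligned(
        from_domain, domain_of(msg["envelope_from"]), policy["aspf"])
    dkim_ok = any(
        result == "pass" and aligned(from_domain, d.lower(), policy["adkim"])
        for d, result in msg["dkim"])
    passed = spf_ok or dkim_ok
    return {
        "spf_aligned": spf_ok,
        "dkim_aligned": dkim_ok,
        "dmarc": "pass" if passed else "fail",
        # On failure the domain owner's published policy (p=) is what the receiver is asked to apply.
        "disposition": "accept" if passed else policy["p"],
    }


# Constructed sample data: the published policy and three inbound messages.
RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"
LEGITIMATE = {"header_from": "billing@example.com", "envelope_from": "bounce@mail.example.com",
              "spf": "pass", "dkim": [("example.com", "pass")]}
# SPF passes for the envelope domain, but that domain is unrelated to the visible From.
SPOOFED = {"header_from": "ceo@example.com", "envelope_from": "bounce@mailer.unrelated.test",
           "spf": "pass", "dkim": [("unrelated.test", "pass")]}
# Forwarding broke SPF, but the original aligned DKIM signature still verifies.
FORWARDED = {"header_from": "billing@example.com", "envelope_from": "fwd@forwarder.test",
             "spf": "fail", "dkim": [("example.com", "pass")]}

if __name__ == "__main__":
    for label, msg in (("legitimate", LEGITIMATE), ("spoofed", SPOOFED), ("forwarded", FORWARDED)):
        print(label, evaluate(msg, RECORD))
```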

ProDMARC, a product built on a mission to achieve secure and spoofing-free email channels across the internet, makes DMARC reporting smooth and uncomplicated: it provides volumes and trends of outbound mail, including that of phishing campaigns, and confirms the reliability of outbound mail in terms of SPF, DKIM & DMARC conformance. In summary, ProDMARC helps improve customer and third-party trust in email communications.

Sign up for your 1 month ProDMARC trial by writing to us at info@progist.net, so that while you stay home safe from COVID-19, your email domains are safe from email spoofing!

Why DMARC is important?

With the rise of the social internet and the ubiquity of e-commerce, spammers and phishers have a tremendous financial incentive to compromise user accounts, enabling theft of passwords, bank accounts, credit cards, and more. Email is easy to spoof and criminals have found spoofing to be a proven way to exploit user trust of well-known brands. Simply inserting the logo of a well known brand into an email gives it instant legitimacy with many users.

Users can’t tell a real message from a fake one, and large mailbox providers have to make very difficult (and frequently incorrect) choices about which messages to deliver and which ones might harm users. Senders remain largely unaware of problems with their authentication practices because there’s no scalable way for them to indicate they want feedback and where it should be sent. Those attempting new SPF and DKIM deployment proceed very slowly and cautiously because the lack of feedback also means they have no good way to monitor progress and debug problems.

DMARC addresses these issues. DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email validation system designed to protect your company’s email domain from being used for email spoofing, phishing scams and other cyber-crimes. DMARC takes advantage of the existing email authentication techniques SPF (Sender Policy Framework) and DKIM (Domain Keys Identified Mail), and adds an important function: reporting. When domain owners publish a DMARC record in DNS, they gain insight into who is sending email on behalf of their domain. This information can be used to build a detailed picture of the email channel, and with it a domain owner can take control of the email sent on their behalf.

At ProDMARC, we’re here to help you ensure DMARC compliance for your organization and your third-party vendors. ProDMARC, a product built on a mission to achieve secure and spoofing-free email channels across the internet, makes DMARC reporting smooth and uncomplicated: it provides volumes and trends of outbound mail, including that of phishing campaigns, and confirms the reliability of outbound mail in terms of SPF, DKIM & DMARC conformance. In summary, ProDMARC helps improve customer and third-party trust in email communications.

Our ProDMARC platform and managed services ensure that customers are able to identify, inventory, and achieve DMARC compliance for all third-party partners of the organization. ProDMARC is chosen by top organizations across industry verticals including banking, insurance, stock markets, healthcare & pharmaceutical, telecom, energy etc.

With the economy in a slump, ProDMARC announces a limited-time offer during the ongoing pandemic: 15 days of DMARC health assessment reports, completely free for all organizations who wish to gain visibility of the mail-based phishing threats, which are at an all-time high.

Sign up for your 15 day ProDMARC trial by writing to us at info@progist.net, so that while you stay home safe from COVID-19, your email domains are safe from email spoofing!

CTO Article: Use case of measuring the ROI of DMARC implementation

One of the most common questions people ask us is how we know whether DMARC is really working and whether it is worth implementing.

Let me talk about basics first:

  • What is DMARC – It’s an Email security standard
  • Full form – “Domain-based Message Authentication, Reporting & Conformance”
  • Implemented via DNS records
  • Modes: None, Quarantine, Reject
  • You can implement it on your own with difficulty or you can use a third party SAAS provider for assisting with implementation and measuring ROI.

Now let us talk about how we measure the ROI. For this discussion, I am going to talk about a real incident in which we helped our customer measure the ROI, and how this was applauded by the customer.

The Customer has been with us for a couple of years now and he always had doubts about whether the DMARC solution was actually working or not and we always used to assure him that it’s like an Insurance policy. When an incident hits you, don’t worry, ProDMARC would do its job.

The incident that I am talking about happened with the customer a few months back. When the customer was busy with the month-end activities, they received an automated alert from the ProDMARC solution stating the following.

THERE IS A THRESHOLD BREACH OBSERVED FOR THE EMAIL ACTIVITY AND WE HAVE WITNESSED A NEW MAILING PROVIDER SENDING MAILS ON BEHALF OF YOUR DOMAIN WHICH ARE FAILING DMARC AND HENCE THE MAILS ARE REJECTED.

The customer quickly looked at the alert and started to investigate this unusual trigger from the ProDMARC solution. He went through the dashboard and started to analyze the DMARC compliance trend for the domain. He was surprised to see that about 1,941 emails were found to be failing DMARC.

He went to the forensic module to check if there are sample forensic emails so that he can check the headers and body of the email. Luckily, he found a few forensic samples through which he identified the FROM ADDRESS and the DMARC action being taken by the email gateways.

The customer was quite happy that the email was blocked by ProDMARC. But he was curious to know more about this suspicious email and whether there was any phishing link or malware being downloaded. To his surprise, the customer found that the content of the email was related to a SWIFT COPY with an attachment.

The attachment had an embedded link pointing to a URL. VirusTotal straight away gave a verdict that 5/80 engines had detected this URL as Phishing/Malicious.

The customer was delighted that ProDMARC stopped a real incident and applauded the solution for doing its job. He even presented this to the senior management highlighting ROI of the DMARC solution.

So basically, what I am trying to say is that we sometimes expect the results to show immediately and security incidents to start triggering the moment we plug in solutions in enterprises. But that is not normally the case, and as an organisation we should keep applying layered security to ensure that the solutions are deployed considering the risk surface, and an implemented solution like DMARC will kick in when required.

If any organisation would like to evaluate DMARC, they can write an email to info@progist.net for a no-obligation 15-day free trial of the award-winning ProDMARC solution.

What are cyber crimes & how to identify them?

The year 2020 has been the year of bad news as Covid-19 has hit the world. There has been growth in technology and digitization due to Work From Home and Study From Home, and hence cases related to cybercrime have seen a sharp rise during this period. Cybercriminals are getting smarter, with new techniques and modus operandi to target people. So, in order to keep ourselves safe in the digital world, it is important for each and every person to know what these threats are.

WHAT IS A CYBERCRIME?

Cybercrime is criminal activity that either targets or uses a computer, a computer network or a networked device. It covers any unlawful act where a computer, communication device or computer network is used to commit or facilitate the commission of a crime.

Ministry of Home Affairs (MHA) has recently advised people about such crimes and has defined them in the following categories.

TYPES OF CYBER CRIMES AND HOW TO IDENTIFY THEM

1. CHILD PORNOGRAPHY/ CHILD SEXUALLY ABUSIVE MATERIAL (CSAM)

Child sexually abusive material (CSAM) refers to material containing a sexual image, in any form, of a child who is abused or sexually exploited. Section 67 (B) of the IT Act states that “it is punishable for publishing or transmitting of material depicting children in sexually explicit act, etc. in electronic form.”

2. CYBER BULLYING

Cyberbullying is bullying with the use of digital technologies. It can take place on social media, messaging platforms, gaming platforms and mobile phones. It is repeated behavior, aimed at scaring, angering or shaming those who are targeted.

3. CYBER STALKING

Cyberstalking is the use of the Internet or other electronic means to stalk or harass an individual, group, or organization.[1] It may include false accusations, defamation, slander and libel. It may also include monitoring, identity theft, threats, vandalism, solicitation for sex, or gathering information that may be used to threaten, embarrass or harass.

4. CYBER GROOMING

Cyber grooming is the process of ‘befriending’ a young person online “to facilitate online sexual contact and/or a physical meeting with them with the goal of committing sexual abuse.”

5. ONLINE JOB FRAUD

Online Job Fraud is an attempt to defraud people who need employment by giving them a false hope/ promise of better employment with higher wages, not necessary in 2020 as the jobs are not available and fraudsters are taking advantage of this situation.

6. ONLINE SEXTORTION

Online Sextortion occurs when someone threatens to distribute private and sensitive material using an electronic medium if he/ she doesn’t provide images of a sexual nature, sexual favors, money or sometimes personal enmity or revenge.

7. VISHING

Vishing is an attempt where fraudsters try to seek personal information like Customer ID, Net Banking password, ATM PIN, OTP, Card expiry date, CVV etc. through a phone call. This technique has been exposed because of user awareness campaigns.

8. SEXTING

Sexting is an act of sending digital images, videos, text messages, or emails, usually by cell phone which are sexually explicit in nature.

9. SMISHING

A form of phishing, smishing is when someone tries to trick you into giving them your private information via a text or SMS message. Smishing is becoming an emerging and growing threat in the world of online security.

10. SIM CLONING/SWAP SCAM

SIM Cloning Scam occurs when fraudsters manage to get a new SIM card issued against a registered mobile number fraudulently through the mobile service provider. With the help of this new SIM card, they get One Time Password (OTP) and alerts, required for making financial transactions through victim’s bank account. Getting a new SIM card against a registered mobile number fraudulently is known as SIM Swap.

A recent example of SIM cloning, in which a businessman lost 2 crores to fraudsters:

https://mumbaimirror.indiatimes.com/mumbai/cover-story/hackers-clone-sim-bizman-loses-rs-2-cr/articleshow/78598056.cms

11. DEBIT/CREDIT CARD FRAUD

Credit card (or debit card) fraud involves an unauthorized person using another person’s credit or debit card information for the purpose of purchases or withdrawing funds from it.

12. IMPERSONATION AND IDENTITY THEFT

Impersonation and identity theft are acts of fraudulently or dishonestly making use of the electronic signature, password or any other unique identification feature of another person to cause monetary harm to an individual or an organization.

13. PHISHING

Stealing personal information such as Customer ID, IPIN, Credit/Debit Card number, Card expiry date, CVV number, etc. through emails that appear to be from a legitimate source is phishing.

14. SPAMMING

Spamming occurs when someone receives an unsolicited commercial message sent via email, SMS, and any other similar electronic messaging media. They may try to persuade recipients to buy a product or service, or visit a website where he can make purchases, or they may attempt to trick him/ her into divulging bank account or credit card details.

15. RANSOMWARE

Ransomware is a type of computer malware that encrypts the files and storage media on devices like desktops, laptops, mobile phones etc., holding data/information hostage. The victim is asked to pay the demanded ransom to get his/her device decrypted. So please don’t click on links that are sent by unknown people.

16. VIRUS, WORMS & TROJANS

A computer virus is a program written to enter your computer, damage or alter your files/data, and replicate itself. Worms are malicious programs that make copies of themselves again and again on the local drive, network shares, etc. A Trojan horse is not a virus. It is a destructive program that looks like a genuine application. Unlike viruses, Trojan horses do not replicate themselves, but they can be just as destructive. Trojans open a backdoor entry to your computer which gives malicious users/programs access to your system, allowing confidential and personal information to be stolen.

17. DATA BREACH

A data breach is an incident in which information is accessed without authorization. Data breaches can be far more than a temporary terror — they may change the course of your life. Businesses, governments, and individuals alike can experience huge complications from having sensitive information exposed. Whether you are offline or online, hackers can get to you through the internet, Bluetooth, text messages, or the online services that you use.

A very recent example of data breach:

https://www.cnbc.com/2020/10/16/british-airways-fined-20-million-for-data-breach-by-ico.html

18. DENIAL OF SERVICES (DOS) / DISTRIBUTED DOS

A Denial of Services (DoS) attack is an attack intended to deny access to a computer resource without the permission of the owner or any other person who is in charge of a computer, computer system or computer network. A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources, so that the legitimate users of that service are denied access to it.

19. WEBSITE DEFACEMENT

Website Defacement is an attack intended to change visual appearance of a website and/ or make it dysfunctional. The attacker may post indecent, hostile and obscene images, messages, videos, etc. Many times, when tensions between two countries increase, they attack government websites of the opponent country.

20. CYBER-SQUATTING

Cybersquatting is the practice of registering Internet domains identical or similar to a third-party company name or trademark, with bad-faith intent to profit from the goodwill of a third-party brand, or in the hope of reselling them at a profit.

21. PHARMING

Pharming, an amalgamation of the words “phishing” and “farming”, is a type of cybercrime very similar to phishing, where a website’s traffic is manipulated and confidential information is stolen.

22. CRYPTOJACKING

Cryptojacking is the unauthorized use of computing resources to mine cryptocurrencies. As it is believed to replace gold as the reserve currency, Cryptocurrencies are the future.

23. ONLINE DRUG TRAFFICKING

Online Drug Trafficking is the crime of selling, transporting, or illegally importing unlawful controlled substances, such as heroin, cocaine, marijuana, or other illegal drugs, using electronic means. It is much easier online than offline and has less probability of getting caught, so more and more drug traffickers are coming online.

24. CYBER ESPIONAGE

Cyber Espionage is the act or practice of obtaining data and information without the permission and knowledge of the owner.

STAY AWARE. STAY SAFE.

References:

  1. https://www.cybercrime.gov.in/Webform/CrimeCatDes.aspx
  2. https://cybercrime.gov.in/UploadMedia/MHA-CitizenManualReportOtherCyberCrime-v10.pdf

Brand Impersonation and Lookalike Domains – How to prevent your customers from getting duped

What is Brand Impersonation?

Impersonation refers to intentionally replicating another person’s characteristics, such as their speech, appearance, behavior, or expressions. Just as with person-to-person impersonation, in brand impersonation a particular organization holding a brand name is the target of the act. Brand impersonation occurs when an impostor creates a page or an account on social media, or sends out mails pretending to be the targeted brand, and uses it to gain the confidence of trusting consumers or to conduct other activities that sabotage the reputation of the brand. This is an increasingly common problem on social networking channels that thousands of brands are forced to deal with each day.

Brand impersonation is BIG business

Scams that trick victims into thinking they are dealing with a genuine brand or service provider they trust are not new, but there are new developments making these attacks more intense and visually bona fide. The growing sophistication of cyber-criminals shows in how they carefully study the profile and types of victims they want to target, and even set fraud quotas for the criminal employees in their organization who help them carry out scams.

Another factor is the ease with which scammers can use brands’ own tools to cloak their identity. Copying a brand logo or even a validation symbol like the Twitter check mark takes only a few minutes and minimal skills. Because email was originally developed without safeguards to verify the sender’s identity, many if not most brands’ domains are open to these tech-savvy malicious users. Without raising any alarms, scammers can launch phishing attacks on brands’ customers that appear to come from the brand’s genuine email accounts. This practice is commonly known as domain spoofing.

In the most recent high-profile coronavirus scam, an email supposedly from the World Health Organization (WHO) was sent around the world requesting donations. The sender’s address was ‘donate@who.int’, where ‘who.int’ is the real domain name for WHO. The email was confirmed to be a phishing scam, but at first glance, all signs pointed to the sender being genuine, as the domain belonged to the real WHO.

Read more about the WHO impersonation in our blog DMARC: A vaccine against Coronavirus scams

Automation has dramatically increased the speed and scope of brand-impersonation fraud attempts, too. Scammers now send nearly 30 phishing emails every second and launch a new impersonated phishing domain every five minutes. The result is a blizzard of brand fakery targeting consumers and damaging brand reputation.

The domino effect of impersonation scams on brands

Impersonation scams can damage a brand’s name in more than one way. First and foremost, scams take away customers. Victims of these attacks, i.e. customers, can blame the brand for not preventing the fraud by setting up the necessary safeguards, and research shows that nearly 65% of consumers stop shopping with a brand after one bad experience. Other victims, as well as future customers who learn about the scam in the media, may hesitate to open future emails from that brand, and that can cause marketing email campaigns to lose effectiveness because of a lack of trust in the brand. News reports and social media discussions can also steer potential customers toward other brands.

A lot of damage control is also essential in phishing scams. Brands that are targeted need to send a warning to their customers about the impersonation scam. They also need to try to find out the reason behind the phishing attacks and their source, and employ countermeasures to ensure that the fraudsters are unable to use the brand’s domains or lookalike domains to send email to its customers.

Reducing the risk of brand impersonation

There are three core areas that help companies protect their brands from abuse by scammers: Communication, Security and Monitoring.

Communication: Include a safety policy in your customer-facing emails, on your social media accounts, and on your site, stating something along the lines of “Brand ABC will never contact you to ask for your customer login or payment card information.” Visual communication matters too, so it is advisable to keep your logo, colors, and other visual branding elements consistent across channels, so that any knockoffs are easier for customers to spot. And when scammers target your brand, let your customers know what to watch for.

Better security: Create strong passwords for your brand’s social media accounts, keep a running list of who has login access, and update passwords when there are staffing changes. To prevent domain spoofing, implement a DMARC sender authentication policy on all your email domains. This open-source protocol gives domain owners the power to detect and block unauthorized users.

Monitoring: Use social monitoring tools to keep tabs on brand mentions and conversations. Report scam accounts when they appear and delete comments on your pages and posts by accounts impersonating your brand. For email, DMARC will show you who is sending emails from your domains and can flag or reject suspicious outgoing messages. Finally, respond quickly to customer reports of scammers abusing your brand.

Protecting your brand from impostors requires attention to what is happening in your brand’s communication channels, as well as regular security improvements. These efforts are a good way to drive scammers away from your brand in search of easier targets. They are also a must to build and maintain trust with your customers in an age when brands and consumers need to be allies in the fight against cyber crime.

Since email is the primary communication medium between the brand and its customers, it is essential for organizations to ensure that no fraudulent mails are sent to their customers using their domain or any lookalike domains.

In relation to this, Google has come up with a bundle of security enhancements for G Suite services in a recent announcement, and one of the biggest announcements is about Gmail. Google has announced its alliance with the Brand Indicators for Message Identification (BIMI) group, which enforces an email feature that adds brand logos to authenticated emails. Google confirmed that their BIMI pilot will enable organizations, who authenticate their emails using DMARC, to validate ownership of their corporate logos and securely transmit them to Google. Emails are authenticated using the existing DMARC system. Once these authenticated emails pass all of the anti-abuse checks, Gmail will start displaying the logo in existing avatar slots in the Gmail UI. To read more about the Gmail integration with BIMI, read our article.

As new organizations are born each day, email security is important and plays a vital role in every organization and there should be necessary actions taken to make sure there is no security breach. It becomes the responsibility of every business to protect themselves, their clients’, and employees’ sensitive personal information.

How can we help?

ProDMARC is built on a mission to achieve secure, spoofing-free email channels across the internet. It makes DMARC reporting smooth and uncomplicated, providing volumes and trends of outbound mails, including those of phishing campaigns, and confirming the reliability of outbound mails in terms of SPF, DKIM and DMARC conformance. It helps you gain visibility into third parties using your email domain on your behalf and into unauthorized emails that might be sent in your brand’s name; ensures that emails do not get blocked due to misconfigurations, so that you make the best use of customer email communication; generates actionable threat intelligence feeds for your security and transaction monitoring systems, helping to block targeted attacks proactively; and helps identify lookalike domains for your brand.

To summarize, ProDMARC helps improve customer trust in email communications.

With the economy in a slump, ProDMARC announces a limited-time offer during the ongoing pandemic: 15 days of DMARC health assessment reports, completely free for all organizations who wish to gain visibility of the mail-based phishing threats which are at an all-time high.

Sign up for your 15 day ProDMARC trial by writing to us on info@progist.net


DMARC for Banking and Insurance sector

To start with, let’s get a brief idea about DMARC

Domain-based Message Authentication, Reporting, and Conformance (DMARC) is a scalable mechanism by which a mail-originating system can express domain-level policies and preferences for message validation, disposition, and reporting, which a mail-receiving system can use to improve mail handling.

Originators of Internet Mail need to be able to associate reliable and authenticated domain identifiers with messages, communicate policies about messages that use those identifiers, and report about mail using those identifiers.

These abilities have several benefits like:

Receivers can provide feedback to Domain Owners about the use of their domains; this feedback can provide valuable insight about the management of internal operations and the presence of external domain name abuse.

DMARC does not produce or encourage elevated delivery privilege of authenticated email. DMARC is a mechanism for policy distribution that enables increasingly strict handling of messages that fail authentication checks, ranging from no action, through altered delivery, up to message rejection.

Let us understand the importance of implementing DMARC by looking into a couple of examples of scams happening in the banking and insurance sector.

COVID-19 Car Insurance Scams

In light of the current scenario, where scammers are using COVID-19 as bait, security researchers warn that fraudsters will run their old playbooks of fraud schemes, but also take advantage of the COVID-19 scare, such as physical distancing and the fear of getting infected by the virus.

An orchestrated accident is generally defined as an event where someone purposely causes an accident in order to make a claim against your car insurance or their own. Intentionally rear-ending or sideswiping another car are common schemes. Staged accidents are often committed by organized fraud rings.

With a large slice of the country practicing social distancing, there are fewer cars on the road and fewer witnesses, giving scammers the opportunity they wish for. Investigators believe scammers will use the fear of spreading COVID-19 as an excuse to discourage police involvement, leaving an opening to file false insurance claims.

Problems arise when people who were not in the car at the time of the “accident” file injury claims, hoping to get a settlement from another driver’s liability car insurance. The COVID-19 scam is similar to the staged accident scam. Scammers may take advantage of others’ fear and suggest a limited exchange of information, such as passenger names. With no police report and no witnesses, they have an excuse to make false injury claims for people who were not in the car.

Here’s what you can do: If you get into a car accident, try to note how many people were in each car and, if possible, their names and contact information while of course maintaining social distancing. You can also call the police and wait in your car.

Auto repair frauds can happen when a repair shop takes advantage of both you and your insurance company. Fraud investigators report that some repair shops charge excessive fees for cleansing, disinfecting, and storing vehicles – claiming they cannot work on vehicles for several days because of possible COVID-19 infection.

Be suspicious of auto repair shops that charge high fees for cleaning and storing your car. Speak with your insurance adjuster before paying any up-front out-of-pocket costs.

COVID-19 Travel Insurance Scams

The Coalition Against Insurance Fraud is urging consumers to be aware of the traps for bogus travel insurance policies that claim to cover COVID-19-related trip cancellations. Most travel insurance policies DO NOT cover pandemics. If someone pitches you a travel insurance that specifically covers COVID-19-related problems, that should raise a red flag.

Be aware of scammers impersonating legitimate travel insurance companies. While some travel insurance companies have extended coverage that would typically be excluded to their policyholders during the COVID-19 outbreak, scammers may try to take advantage of financial anxieties and sell bogus products.

Bank Email Scam

Ask yourself a question: Why would the bank send you an email asking you for information after you’ve opened an account? After all, after you open a bank account, they already have all of your information!

However, many people still fall for professional-looking emails that appear to be from their banks, asking for information to process a transaction or using the excuse that your credit / debit card is about to expire.

If you ever receive an email that looks like it’s from your bank and that asks you for your personal information, DON’T FALL FOR IT.

You might have this question – All of this information is basically a Dos and Don’ts for users… What about the Banks and Insurance companies? Where does DMARC come into the picture?

Here’s where DMARC plays a leading role – With the rise of the social internet and the ubiquity of e-commerce, spammers and phishers have a tremendous financial incentive to compromise user accounts – enabling theft of passwords, bank accounts, credit cards, and more. Email is easy to spoof and criminals have found spoofing to be a proven way to exploit user trust of well-known brands. Simply inserting the logo of a well-known brand into an email gives it instant legitimacy with many users.

End users (customers) can’t distinguish a real message from a fake one, and large mailbox providers have to make very difficult (and frequently incorrect) choices about which messages to deliver and which ones might harm users. Senders remain largely unaware of problems with their authentication practices because there’s no scalable way for them to indicate they want feedback and where it should be sent. DMARC addresses these issues. DMARC takes advantage of the existing email authentication techniques SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail), and adds an important function: reporting. When a domain owner publishes a DMARC record in their DNS, they gain insight into who is sending email on behalf of their domain. This information can be used to get detailed information about the email channel. With this information a domain owner can get control over the email sent on their behalf.
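As an added illustration of the reporting function described above (not code from ProDMARC or from the original post), the following Python sketch reads a DMARC aggregate report in the XML layout defined by RFC 7489 and totals mail volume per sending IP, split by DMARC pass and fail. The report content, `example.com` and the IP addresses are constructed documentation values, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET


# Constructed sample in the RFC 7489 aggregate-report layout. example.com and
# the 192.0.2.x / 198.51.100.x / 203.0.113.x addresses are documentation values.
def _record(ip, count, dkim, spf):
    return (f"<record><row><source_ip>{ip}</source_ip><count>{count}</count>"
            f"<policy_evaluated><disposition>none</disposition><dkim>{dkim}</dkim>"
            f"<spf>{spf}</spf></policy_evaluated></row>"
            "<identifiers><header_from>example.com</header_from></identifiers></record>")


SAMPLE_REPORT = (
    "<feedback><report_metadata><org_name>receiver.example</org_name>"
    "<report_id>constructed-1</report_id></report_metadata>"
    "<policy_published><domain>example.com</domain><p>none</p></policy_published>"
    + _record("192.0.2.10", 120, "pass", "pass")     # own mail server
    + _record("198.51.100.25", 40, "pass", "fail")   # partner: only DKIM aligned
    + _record("203.0.113.77", 15, "fail", "fail")    # neither check aligned
    + _record("203.0.113.77", 5, "fail", "fail")
    + "</feedback>")


def parse_aggregate_report(xml_text):
    """Return one dict per <record> with the DMARC-aligned results."""
    # Reports come from outside parties: refuse DTDs, which entity-expansion
    # and external-entity tricks depend on, before parsing.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declaration in report")
    rows = []
    for record in ET.fromstring(xml_text).iter("record"):
        evaluated = record.find("row/policy_evaluated")
        if evaluated is None:
            continue  # malformed record: nothing to evaluate
        dkim = evaluated.findtext("dkim", "fail") == "pass"
        spf = evaluated.findtext("spf", "fail") == "pass"
        rows.append({
            "source_ip": record.findtext("row/source_ip"),
            "count": int(record.findtext("row/count", "0")),
            "header_from": record.findtext("identifiers/header_from"),
            "dkim_aligned": dkim,
            "spf_aligned": spf,
            "dmarc_pass": dkim or spf,   # one aligned pass is enough
        })
    return rows


def volume_by_source(rows):
    """Total messages per source IP, split into DMARC pass and fail."""
    totals = {}
    for r in rows:
        entry = totals.setdefault(r["source_ip"], {"pass": 0, "fail": 0})
        entry["pass" if r["dmarc_pass"] else "fail"] += r["count"]
    return totals


def failing_sources(rows):
    """Source IPs with failing mail, highest volume first."""
    totals = volume_by_source(rows)
    failing = [(ip, t["fail"]) for ip, t in totals.items() if t["fail"]]
    return sorted(failing, key=lambda item: -item[1])


if __name__ == "__main__":
    for ip, t in volume_by_source(parse_aggregate_report(SAMPLE_REPORT)).items():
        print(f"{ip:15} pass={t['pass']:4} fail={t['fail']:4}")
```

A source that appears only in the failing list is either an unauthorized sender or a legitimate third party that has not yet been brought into alignment; the report alone does not say which.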

Also, as an additional benefit, Gmail has now integrated with Brand Indicators for Message Identification (BIMI). Google confirmed that this engagement will enable organizations, who authenticate their email domains using DMARC, to validate ownership of their corporate logos and securely transmit them to Google. Once these authenticated emails pass all of the anti-abuse checks, Gmail will start displaying the logo in existing avatar slots in the Gmail UI. This means lower chances of brand impersonation, lower chances of your customers getting scammed in your brand’s name, and more trust in the emails that are sent to your customer base! For more information, read our blog about Google – BIMI integration and get to know how DMARC plays an important role in the email ecosystem.

How can we help?

ProDMARC is a product built on a mission to achieve secure, spoofing-free email channels across the internet. It makes DMARC reporting smooth and uncomplicated, providing volumes and trends of outbound mails, including those of phishing campaigns, and confirming the reliability of outbound mails in terms of SPF, DKIM and DMARC conformance.

To summarize, ProDMARC helps improve customer trust in email communications.



How to ensure DMARC compliance for third party senders

Organizations – big or small – are generally concerned about the security of their customers, clients, third party vendors and prospects. Organizations rely heavily on third party partners who are responsible for sending notifications, marketing promotions and other important emails to their customers, prospects or even clients.

Due to the growing number of phishing and spoofing attacks, organizations are paying substantial amounts to services and companies which can secure their email effectively. As email is so important to the business, setting up DMARC becomes mandatory, and making sure that third party senders’ mails are DMARC compliant is another objective to be achieved.

As part of the DMARC endeavor, organizations often tend to overlook the necessity and the effort which they would need to invest in ensuring that the third party partners are DMARC compliant too. In case this aspect is not taken care of, there is a high risk that the genuine mails sent out by these senders may get blocked at the recipient end causing major business process disruption.

The question is: how to integrate third party senders?

There are a couple of approaches that help in achieving DMARC compliance with third party senders. Which one works will certainly depend on how efficiently your third party sender can implement these suggestions:

1. External Integration

If your third party senders use their own mail servers to send your email, you can delegate a sub-domain for their usage, and the partner’s SPF record and DKIM public keys can be configured in the sub-domain’s DNS server. This will allow you to authorize them as your third party mail sender, while also ensuring their mass mailing activity does not impact your company’s parent domain reputation.

2. Internal Integration

The other option is to have your third party sender relay your emails through your own mail servers, so that the emails sent use your own SPF, DKIM, and DMARC configurations, giving you greater control over your email.

Steps to integrating Third Party Senders

Engaging with third party senders is often fundamental and helps the organization move forward. That said, it bears its own set of uncertainties. There are reasons to be vigilant in ensuring that these senders have all appropriate security measures in place, principally before they commence mailing on your behalf. Here are a couple of steps to make that happen:

1. Sending messages in compliance with SPF records

This would require you to ensure that the bounce email ID (envelope-from) is configured by your partner to be in alignment with the mail domain (same as or sub-domain of your mail domain), and to include your partner’s mail system IP/SPF domain in your envelope-from domain’s SPF record. Several organizations may require specific IP addresses to be added to the domain’s SPF record, rather than using an include: mechanism.

2. Implementing DKIM signing for the domain in use

This would require your mailing partner to enable DKIM signing for your emails in its mailing system and share the corresponding DKIM public key with you, which must then be added by you in your DNS. While configuring a DKIM signature, ensure you are signing it with at least a 1024 bit size key. The signing domain (d=) in the DKIM header of the mail must align with (same as or sub-domain) the domain which is used to send mails.

For an email message to be DMARC compliant, SPF and DKIM must be configured and at least one of the authentication methods must pass for the message to be delivered.
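The two steps above can be checked with a small evaluator, added here as an example rather than taken from ProDMARC or the original post. It applies the alignment rule (envelope-from and DKIM `d=` must be the same as, or a sub-domain under the same organizational domain as, the From domain) and the 1024-bit minimum key size. The `Delivery` class, the function names and the `example.com` / `partner-esp.example` domains are hypothetical, and the organizational domain is passed in by the caller instead of being derived from the Public Suffix List.

```python
from dataclasses import dataclass


@dataclass
class Delivery:
    """What a receiver sees for one message (all fields are constructed inputs)."""
    header_from: str      # domain in the visible From: header
    envelope_from: str    # bounce (envelope-from) domain checked by SPF
    spf_result: str       # receiver's SPF verdict for envelope_from
    dkim_domain: str      # d= value of the DKIM signature
    dkim_result: str      # receiver's DKIM verification verdict
    dkim_key_bits: int    # size of the signing key


def within(domain, org_domain):
    """True if domain is org_domain itself or one of its sub-domains."""
    d = domain.lower().rstrip(".")
    o = org_domain.lower().rstrip(".")
    return d == o or d.endswith("." + o)


def aligned(identifier, header_from, org_domain, strict=False):
    """Relaxed: both names sit under the same organizational domain.
    Strict: the names must match exactly."""
    if strict:
        return identifier.lower().rstrip(".") == header_from.lower().rstrip(".")
    return within(identifier, org_domain) and within(header_from, org_domain)


def evaluate(msg, org_domain, min_key_bits=1024):
    """DMARC verdict plus findings a domain owner would raise with the partner."""
    spf_ok = (msg.spf_result == "pass"
              and aligned(msg.envelope_from, msg.header_from, org_domain))
    dkim_ok = (msg.dkim_result == "pass"
               and aligned(msg.dkim_domain, msg.header_from, org_domain))
    findings = []
    if msg.spf_result == "pass" and not spf_ok:
        findings.append(f"SPF passed for {msg.envelope_from}, which is not aligned with From")
    if msg.dkim_result == "pass" and not dkim_ok:
        findings.append(f"DKIM signed by {msg.dkim_domain}, which is not aligned with From")
    if msg.dkim_key_bits < min_key_bits:
        findings.append(f"DKIM key is {msg.dkim_key_bits} bits, below {min_key_bits}")
    return {"dmarc": "pass" if (spf_ok or dkim_ok) else "fail",
            "spf_aligned": spf_ok, "dkim_aligned": dkim_ok, "findings": findings}


# Constructed cases for a partner mailing as example.com.
# BEFORE: partner uses its own bounce and signing domains, so nothing aligns.
BEFORE = Delivery("example.com", "bounce.partner-esp.example", "pass",
                  "partner-esp.example", "pass", 2048)
# AFTER: both steps applied on a delegated sub-domain of example.com.
AFTER = Delivery("example.com", "bounce.mail.example.com", "pass",
                 "mail.example.com", "pass", 2048)
# FORWARDED: SPF fails (for example after forwarding) but aligned DKIM verifies.
FORWARDED = Delivery("example.com", "bounce.mail.example.com", "fail",
                     "mail.example.com", "pass", 2048)

if __name__ == "__main__":
    for name, case in (("before", BEFORE), ("after", AFTER), ("forwarded", FORWARDED)):
        print(name, evaluate(case, "example.com"))
```

The `BEFORE` case shows why a partner whose own SPF and DKIM both pass can still fail DMARC for your domain: the checks pass for the partner's identifiers, not for an identifier aligned with your From domain.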

Each of the above mentioned steps helps organizations realize that email safety is top notch for the entire organization — whether the email is received from a third party sender or not.

At the end of the day, which policy you choose is ultimately the decision of your organization, as you decide which policy best suits your needs. There are many growing organizations implementing DMARC, but the question is not whether you are implementing DMARC; it is whether you are implementing it correctly. When it comes to meeting the end goal, at the end of the day it is about your organization, your customers and your reputation.

At ProDMARC, we’re here to help you ensure DMARC compliance for your organization and your third party vendors. ProDMARC is a product built on a mission to achieve secure, spoofing-free email channels across the internet. It makes DMARC reporting smooth and uncomplicated, providing volumes and trends of outbound mails, including those of phishing campaigns, and confirming the reliability of outbound mails in terms of SPF, DKIM and DMARC conformance. In summary, ProDMARC helps improve customer and third party trust in email communications.

Our ProDMARC platform and managed services ensure that customers are able to identify, inventory, and achieve DMARC compliance for all third party partners of the organization. ProDMARC is chosen by top organizations across industry verticals including banking, insurance, stock markets, healthcare & pharmaceutical, telecom, energy etc.

With the economy in a slump and resources scarce, ProDMARC announces a limited-time offer during the COVID-19 pandemic: 15 days of DMARC health assessment reports, completely free for all organizations who wish to gain visibility of the mail-based phishing threats which are at an all-time high.

Sign up for your 15 day ProDMARC trial by writing to us on info@progist.net

So that while you stay home safe from COVID-19,

your email domains are safe from email spoofing!