How you can stop cyber criminals impersonating you.

Email is the primary communication tool in business, used for everything from internal communication to contact with customers, which makes it an effective place for cyber criminals to target their victims. According to Avanan’s phishing statistics, 1 in every 99 emails is a phishing attack. This amounts to 4.8 emails per employee in a five-day work week!

Because of this and other statistics, people are increasingly beginning to recognise that emails should not be trusted automatically. Most users of email will have received strange emails from spoofed accounts. However, some are extremely sophisticated and therefore hard to detect, especially for individuals who may not be as vigilant as we would hope.

Email spoofing is the forgery of an email header, in the hope of deceiving the recipient into thinking the email originated from someone other than its actual source. Business Email Compromise (BEC) is a common way cyber criminals use spoofed emails to swindle money out of organisations. It is a threat we have noticed more and more of our customers are experiencing. In fact, research has revealed that BEC has overtaken ransomware and data breaches as the main reason companies filed a cyber-insurance claim in EMEA.

The UK’s most impersonated organisation is, perhaps unsurprisingly, Her Majesty’s Revenue and Customs (HMRC). In 2014 and 2015, it was estimated that taxpayers received half a billion emails each year purporting to come from @HMRC.gov.uk email addresses, trying to cheat unsuspecting taxpayers out of money.

As part of our commitment to providing proactive IT support, we have introduced Domain-based Message Authentication, Reporting & Conformance (DMARC) into our portfolio of services. DMARC is an email security protocol that prevents spoof emails from reaching users’ inboxes. To do this, it relies on two standards that ensure legitimate emails are properly authenticated: Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM).

Simply speaking, SPF lists all the IP addresses that are allowed to legitimately send as you, and DKIM adds a cryptographic signature to the header of an email (the message itself is not encrypted), which certifies that the sender is legitimate for that domain. Building on these standards makes DMARC unique: it is the only widely deployed technology that can make the ‘header from’ address trustworthy and reliable. Additionally, it provides reporting, so you can view data on whether your domain is being faked.

Three net outcomes of implementing such a service are:

  • The closing down of the sending of spam and malware in your name
  • Reporting on who is sending as you
  • An improved email reputation and, in most cases, a rise in deliverability rates

Many organisations have already benefited hugely from these outcomes. For example, looking back at HMRC, the number of spam emails claiming to be from @hmrc.gov.uk decreased by 300 million in 2016; a figure that has continued to fall.

The impacts of email spoofing can go far beyond monetary loss. Brands are built on trust, so the reputational damage it can have is far more concerning and inevitably causes more damage than is initially noticeable. In a study of 2,000 survey participants, nearly 87% said they would not (or were not very likely to) do business with a company that has faced a data breach involving credit or debit card information.

entrustIT is a Managed Service Provider (MSP) with over a decade of experience in protecting businesses against these sorts of threats and preventing the impacts they can have on a business. We will work with you to establish all the places that send email as you, and then monitor the DMARC reporting over the following weeks to ensure everything is under control. When it is safe to do so, we will set the policy so that emails failing the checks are rejected, and continue with ongoing monitoring.

Email spoofing is a trend that we expect to grow over the next decade. If businesses are not prepared for this and fail to put solutions in place, they run the risk of cyber criminals ruining their reputation by impersonating them in order to scam victims. DMARC with entrustIT is a proactive measure you can choose to have put in place, which will give you peace of mind that spoofed emails are not being sent as you, at a low cost!
