The rise of brand spoofing and mail interception has become a serious challenge and pain point for organisations around the world.
Not only are sophisticated cyber criminals using these techniques to divert payments, but they are also causing brand damage, and costly and harmful litigation between victims in the process.
It has become increasingly common for criminals to monitor and intercept e-mails to steal or amend information, such as invoices with banking details or account information.
In South Africa, the lines between business e-mail compromise and phishing are blurring; for example, scammers have defrauded taxpayers by diverting their tax payments, and e-mail attacks have resulted in large payments being diverted to criminals’ accounts.
One technique malicious actors use is to spin up a domain that appears to carry a known brand’s name; however, it uses Cyrillic characters instead of English characters. To end-users, an e-mail address may look identical to one they are used to seeing. For example, they might use the Cyrillic“ɑ” to replace the letter “a”.
I believe it is only a matter of time before DMARC becomes the norm for all mail everywhere.
Until fairly recently, e-mail recipients have had no way of knowing whether e-mails they received − particularly from known senders − had been spoofed or tampered with.
Attackers may also mask the fact that the display name and address field don’t come from the same entity, or they might bypass traditional checks for whether the display name matches the e-mail address by encoding the display name until it reaches the end-user.
Protecting e-mail integrity
DMARC (domain-based message authentication, reporting and conformance) is an authentication, reporting and policy method that helps mail administrators prevent hackers and other attackers from spoofing their organisations, and in turn, helps protect supply chains, partners and customers.
A DMARC policy allows the sender to indicate that their messages are protected by Sender Policy Framework and/or DomainKeys Identified Mail, and tells the recipient what to do if neither of those authentication methods passes.
Major entities such as Google and Yahoo have begun requiring DMARC on mails, and I believe it is only a matter of time before DMARC becomes the norm for all mail everywhere.
Mimecast’s international “The State of E-mail and Collaboration Security Report 2024” noted e-mail remains the primary attack vector for threats such as phishing, spoofing and ransomware.
It found that 94% of the companies surveyed are either already using DMARC, in the process of deploying it, or planning to do so over the next 12 months, as part of multilayered e-mail defence. Their top reasons for implementing DMARC are to make e-mail more trustworthy, protect the brand and comply with industry regulations.
The speed at which organisations are adopting DMARC leads me to believe organisations not using DMARC may soon find all their communications are simply blocked by recipients.
With advanced DMARC analysis solutions in place, organisations can further protect their brands by generating comprehensive forensic reports of spoofing attempts.
These reports tell companies exactly who is out there imitating them, so they can request to have them taken down. If the reports indicate they are from countries not in the firm’s niche market, it can also advise partners and customers to geofence their servers and only accept its e-mails if coming from particular regions.
This adds an extra layer of protection and further reduces the human risk within organisations.
Because DMARC supports compliance, business resilience and brand protection, it is an investment that offers real business value.
Collaboration for ecosystem resilience
DMARC, combined with AI-based advanced brand protection systems, threat intelligence sharing and improved user awareness, offers multiple layers of protection to safeguard organisations, their brands and their partners and customers.
To ensure these additional layers of protection offer optimal benefits, supply chains and business networks should collaborate to deploy DMARC.
In the modern threat environment, business networks need to work together to secure their entire environment, across third-party vendors, contractors, internal users and even customers.
Due diligence is crucial now, and we need common goals and a common understanding of everyone’s role in securing systems and information assets.
Share