Email is the main method of communication used in the business environment, from internal communication to customers. This makes it an extremely effective place for cyber-criminals to target victims. According to Avanan’s phishing statistics, 1 in every 99 emails is a phishing attack. This amounts to 4.8 emails per employee in a five-day work week!
Because of this and other statistics, people are becoming increasingly conscious of the dangers of email and how it is not to be trusted. Many of us will have received strange emails from spoofed accounts. However, as some are extremely sophisticated, they can be hard to detect, especially for individuals who may not be as vigilant as we hope.
Email spoofing is the fabrication of an email header, with the hope that the recipient is deceived into thinking the email originated from someone other than the intended source. Business Email Compromise (BEC) the most common way cyber criminals spoof emails so that they can swindle money out of businesses. It is a threat we have noticed more and more of our customers are experiencing. In fact, research has revealed that BEC has overtaken ransomware and data breaches as the main reason companies filed a cyber-insurance claim in EMEA.
The UK’s most impersonated company is, perhaps unsurprisingly, Her Majesty’s Revenue and Customs. In just 2014 and 2015 alone, it was reported that taxpayers received around half a billion emails each year alleging to be from the @HMRC.gov.uk email addresses, trying to cheat unsuspecting taxpayers out of money.
As a part of our commitment to providing proactive IT support and through our partnership with the entrust IT Group, we have introduced Domain-based Message Authentication, Reporting & Conformance (DMARC) into our portfolio of services. DMARC is an email security protocol that prevents spoof emails from reaching users’ inboxes. To help with this, there are two standards we use to ensure legitimate emails are properly authenticated; Sender Policy Framework (SFP) and Domain Keys Identified Mail (DKIM).
In simple terms, SPF lists all the IP address that are allowed to legitimately send as you and DKIM applies encryption to the header on an email (not the message itself) which certifies that the sender is legitimate for that domain. Using these standards means DMARC is unique as it is the only widely deployed technology that can make the ‘header from’ address trustworthy and reliable. Furthermore, it forms a place where you can view reports and data on whether your domain is being faked.
Three net outcomes that result from implementing such as service include:
- The closing down of the sending of spam and malware in your name
- Reporting on who is sending as you
- An improved email reputation and, in most cases, a rise in deliverability rates
Many companies have already proven to hugely benefit from these outcomes. For example, looking back at HMRC, the number of spam emails claiming to be from @hmrc.gov.uk decreased by 300 million in 2016; this is a that has and is continuing to fall.
The consequences of email spoofing can go far beyond monetary loss. Brands are built on trust, and the reputational damage it has are far more concerning and inevitably causes more damage than is initially noticeable. In a study of 2,000 survey participants, nearly 87% said they would not (or were not very likely to) do business with a company that has faced a data breach involving credit or debit card information.
Serval IT Systems is a Managed Service Provider (MSP) with over a decade of experience in protecting organisations against these sorts of threats and preventing the impacts they can have on them. Our experienced technicians will work closely with you to establish all the places that send email as you, and then monitor the DMARC reporting over the forthcoming weeks to ensure everything is under control. When safe, policies will be set for what are to be rejected, and continue with ongoing monitoring.
Email spoofing is a trend that is predicted to rise over the next decade. If organisations are not prepared for this and fail to put solutions in place, they run the risk of cyber criminals being able to appear as them in order to scam victims which will ruin their reputation. DMARC with Serval IT Systems is an effective and proactive measure you can put in place, which will give you peace of mind that spoofed emails are not being sent as you – at a low cost!
Please get in touch for more information.