It was in 1742 that Thomas Gray penned a famous poem about young innocence, unaware of or even uninterested in the challenges that lie ahead in adult life. You may well know the poem from its closing line: “Innocence is bliss, ‘tis folly to be wise.”
Starting in mid-February of this year, a massive cyber-attack began, initially targeting the LinkedIn brand. By the end of the month the same technique was being used to generate huge volumes of generic malicious spam affecting most legitimate domains – globally! The attack relied on a simple trick: take a subdomain of a legitimate domain, e.g. “linkedin.mybank.com”, and use it as the basis of the FROM field of an email. So your inbox would contain an email similar to the picture below.
These subdomains were never registered the way you normally would through your registrar’s online tools. They were simply typed into the FROM field of the email, as easily as adding text to a Word document. That field is not controlled or monitored by the majority of organisations globally. There is a separate article on email’s two FROM fields here – “The Fundamental flaw in email”.
The interesting aspect of this cyber-attack for the majority of organisations was that they were “blissfully unaware” of its impact on their:
There is an equally simple resolution to this issue, so don’t despair – there is no need to spend big dollars from your shrinking budget on this security and digital-brand issue.
The approach is simply to configure DMARC for all your active domains and subdomains.
DMARC gives you the ability to disallow the use of these fake subdomains.
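To see why the subdomain part matters, here is an added example (not code from the original post) of how a receiving mail server derives the DMARC policy for a forged From: domain such as linkedin.mybank.com, with a weak record, a common half-fix and a hardened record side by side. The domain mybank.example stands in for the post’s mybank.com, and all records are constructed for illustration.

```python
# Added example (not from the original post): how a receiving mail server
# derives the DMARC policy for a message whose From: domain is a subdomain,
# plus an audit check for records that leave subdomains unprotected.
# Domain names and records below are constructed for illustration.

STRENGTH = {"none": 0, "quarantine": 1, "reject": 2}

def parse_dmarc(record: str) -> dict:
    """Split a DMARC TXT record such as 'v=DMARC1; p=reject; sp=reject' into tags."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip().lower()
    return tags

def effective_policy(record: str, from_domain: str, org_domain: str) -> str:
    """Policy a receiver applies when SPF/DKIM alignment fails for from_domain.

    A forged subdomain like linkedin.mybank.example publishes no _dmarc record
    of its own, so the receiver falls back to the organisational domain record,
    where 'sp' governs subdomains and defaults to 'p' (RFC 7489, section 6.3).
    """
    tags = parse_dmarc(record)
    if tags.get("v") != "dmarc1" or tags.get("p") not in STRENGTH:
        return "none"            # no usable record: nothing is enforced
    from_domain, org_domain = from_domain.lower(), org_domain.lower()
    if from_domain == org_domain:
        return tags["p"]
    if not from_domain.endswith("." + org_domain):
        raise ValueError(f"{from_domain} is not under {org_domain}")
    sp = tags.get("sp", tags["p"])
    return sp if sp in STRENGTH else tags["p"]

def subdomain_gap(record: str) -> bool:
    """True when the record enforces on the org domain but leaves subdomains weaker."""
    tags = parse_dmarc(record)
    p = tags.get("p", "none")
    sp = tags.get("sp", p)
    return STRENGTH.get(sp, 0) < STRENGTH.get(p, 0)

# Constructed records: the weak starting point, a common half-fix, and the target.
WEAK     = "v=DMARC1; p=none; rua=mailto:dmarc-reports@mybank.example"
HALF_FIX = "v=DMARC1; p=reject; sp=none; rua=mailto:dmarc-reports@mybank.example"
HARDENED = "v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc-reports@mybank.example"

if __name__ == "__main__":
    for name, rec in [("weak", WEAK), ("half-fix", HALF_FIX), ("hardened", HARDENED)]:
        pol = effective_policy(rec, "linkedin.mybank.example", "mybank.example")
        print(f"{name:9s} linkedin.mybank.example -> {pol}; subdomain gap: {subdomain_gap(rec)}")
```

Only the hardened record causes a receiver to reject mail from the never-registered subdomain; the half-fix protects mybank.example itself while leaving every subdomain open.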
A DMARC compliance project is as simple as baking a cake and definitely not as complex as designing a car engine. So what are you waiting for – start baking!
By Con Lokos