Phishing, once a key threat in the banking and finance sector, has now become a technique used by hackers targeting every industry sector – none is immune.
The Symantec Internet Security Threat Report always makes a great read!
Phishing, spear phishing, Business Email Compromise (BEC), whaling, CEO Email Abuse and of course SPAM – technically there are differences that would be lost on the average consumer, but at the most basic level these are all examples of fake emails.
So the question is – “what controls can be put in place to tackle the issue of fake emails?”
Solutions do exist of course, both simple and more advanced. Don’t forget that email has been around for many decades – I remember offering managed email services with 50 MB of storage at the turn of this century – yes, megabytes!
Many organisations deploy solutions without taking the time to analyse the issue and are essentially throwing money away. For example:
- Phishing – targeting consumers with emails that contain URL links to hacked webpages (phishing pages) or malicious attachments – ACTION – perform enforcement to remove (take down) the phishing page.
- Spear Phishing / BEC / other variant – inbound targeting of employees with emails that similarly contain malicious URLs and attachments – ACTION – subscribe to expensive cloud email filtering services that employ extensive Artificial Intelligence / Machine Learning (sic).
And yet – phishing (outbound) to consumers and spear phishing/BEC (inbound) still get through!
Here’s a very important tip – the first step to fixing the (spear) phishing issue is:

Identify and reject the spoofed (spear) phishing emails that use your email domain.
The most obvious and widely used technique to impersonate an organisation (brand abuse) is to use its own email domain in the FROM address, i.e. someone@mybank.com. The objective is to identify (audit) how the email domains are being used and by whom, and STOP any abuse by REJECTING fake/spoofed emails.
The average recipient doesn’t appreciate that email in fact has 2 FROM addresses – the first in the email header, MAIL.FROM, and the FROM address that we see in our email inbox. We covered this in one of our first blogs – The fundamental flaw in Email.
Basic email controls exist to interrogate the MAIL.FROM email domain, but only with the introduction in 2015 of DMARC (Domain-based Message Authentication, Reporting and Conformance), RFC 7489, have we gained the ability to compare the domain across both the FROM and the MAIL.FROM addresses.
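To make the comparison concrete, here is an added example (not code from the original post or from any DMARC product) of the decision a receiving mail server makes: the domain that passed SPF (from MAIL.FROM) or DKIM must align with the domain in the visible FROM address, otherwise the domain owner's published policy applies. The function names, the tiny public-suffix set, the report address and the sender domains other than mybank.com are assumptions made for illustration.

```python
from email.utils import parseaddr

# Constructed stand-in for the Public Suffix List (assumption, not complete).
PUBLIC_SUFFIXES = {"com", "org", "net", "example", "co.uk"}

def org_domain(domain):
    """Organizational domain: the longest matching public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])

def parse_dmarc(txt):
    """Parse a DMARC TXT record; alignment modes default to relaxed ('r')."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    tags = {k.strip().lower(): v.strip().lower() for k, v in pairs}
    if tags.get("v") != "dmarc1":
        raise ValueError("not a DMARC record")
    # Simplification: a record without p= is treated here as p=none.
    return {"p": tags.get("p", "none"), "aspf": tags.get("aspf", "r"),
            "adkim": tags.get("adkim", "r")}

def aligned(auth_domain, from_domain, mode):
    """Strict ('s') needs an exact match; relaxed compares organizational domains."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_disposition(header_from, mail_from, spf_pass, dkim_d, dkim_pass, record):
    """Return 'pass', or the published policy (none/quarantine/reject) on failure.
    spf_pass and dkim_pass are results already computed by the receiving server."""
    policy = parse_dmarc(record)
    from_domain = parseaddr(header_from)[1].rpartition("@")[2]
    spf_ok = spf_pass and aligned(mail_from.rpartition("@")[2], from_domain, policy["aspf"])
    dkim_ok = dkim_pass and bool(dkim_d) and aligned(dkim_d, from_domain, policy["adkim"])
    return "pass" if (spf_ok or dkim_ok) else policy["p"]

# Constructed record and messages (mybank.com is the page's example domain).
RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@mybank.com"
SPOOFED = dmarc_disposition("Support <someone@mybank.com>",
                            "bounce@bulk-sender.example", True, None, False, RECORD)
GENUINE = dmarc_disposition("Support <someone@mybank.com>",
                            "bounce@mail.mybank.com", True, None, False, RECORD)
```

The spoofed message passes SPF for its own MAIL.FROM domain, yet it is rejected because that domain does not align with the FROM domain the recipient sees; this is the gap that SPF alone leaves open.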
Tackle the basic 101 email security hygiene steps before moving on to the other variants such as homoglyph and display text abuse.
Undertake a DMARC Compliance project to lock down the organisation’s email domains against abuse.
In fact, it is Ingressum’s policy to ONLY provide our Online Fraud/Phishing Protect service to perform takedowns of phishing pages when we also undertake a DMARC Compliance project. Without controlling who can use the organisation’s email domains, you will be continually throwing money away by subscribing to expensive takedown services without tackling the cause.
After all, we protect our personal assets by locking the doors and windows when we leave home – now we can also provide this basic security for our organisation’s digital assets!