Phishing, once a key threat in the banking and finance sector, has now become a technique used by hackers targeting every industry sector – none is immune.
The Sophos Threat Report always makes a great read!
Phishing, spear phishing, Business Email Compromise (BEC), whaling, CEO email abuse and, of course, spam. Technically there are differences that would be lost on the average consumer, but at the most basic level these are all examples of fake emails.
So the question is: “what controls can be put in place to tackle the issue of fake emails?”
Solutions do exist of course, both simple and more advanced. Don’t forget that email has been around for many decades. I remember offering managed email services with 50 MB of storage at the turn of this century – yes, megabytes!
Many organisations deploy solutions without taking the time to analyse the issue and are essentially throwing money away. For example:
- Phishing – targeting consumers with emails that contain URL links to hacked webpages (phishing pages) or malicious attachments. ACTION – perform enforcement to remove (take down) the phishing page.
- Spear phishing / BEC / other variants – inbound targeting of employees with emails that similarly contain malicious URLs and attachments. ACTION – subscribe to expensive cloud email filtering services that employ extensive Artificial Intelligence / Machine Learning (sic).
And yet phishing (outbound, against consumers) and spear phishing/BEC (inbound, against employees) still get through!
Here’s a very important tip. The first step to fixing the (spear) phishing issue is:
Identify and reject the spoofed (spear) phishing emails that use your email domain.
The most obvious and widely used technique to impersonate an organisation (brand abuse) is to use its own email domain in the FROM address, i.e. email@example.com. The objective is to identify (audit) how the email domains are being used and by whom, and to STOP any abuse by REJECTING fake/spoofed emails.
The average recipient doesn’t appreciate that an email in fact carries two FROM addresses: the envelope sender (the SMTP MAIL FROM, which is not shown in the mail client) and the FROM address in the message header that we see in our email inbox. We covered this in one of our first blogs – The fundamental flaw in Email.
Basic email controls have long been able to check the MAIL FROM domain, but only since DMARC (Domain-based Message Authentication, Reporting and Conformance, RFC 7489) was introduced in 2015 have we been able to compare the domain in the visible FROM address against the domain in the MAIL FROM address.
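As an added illustration (not Ingressum’s code or any library’s), a simplified DMARC evaluation in Python: it compares the domain in the visible From header against the domains authenticated by SPF (the MAIL FROM domain) and DKIM, using the alignment modes from a constructed DMARC record, and applies the published policy when nothing aligns. The SPF/DKIM verdicts are assumed inputs, and the domains, messages and record are placeholders; the organisational-domain rule is simplified (real DMARC uses the Public Suffix List).

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed DMARC record for the organisation's domain (placeholder domain, not a real lookup).
DMARC_RECORDS = {
    "example.com": "v=DMARC1; p=reject; aspf=r; adkim=r; rua=mailto:dmarc@example.com",
}

# Constructed sample messages: a spoof using the organisation's domain, and a legitimate one.
SPOOFED_MESSAGE = "From: CEO <ceo@example.com>\nTo: finance@example.com\nSubject: Urgent payment\n\nPlease wire the funds today.\n"
LEGIT_MESSAGE = "From: Payroll <payroll@example.com>\nTo: staff@example.com\nSubject: Payslips\n\nPayslips are available.\n"

def parse_dmarc(record):
    """Split 'v=DMARC1; p=reject; ...' into a dict of lowercase tag -> value."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def org_domain(domain):
    """Simplified organisational domain: the last two labels (assumption, not the PSL algorithm)."""
    return ".".join(domain.lower().strip(".").split(".")[-2:])

def aligned(header_domain, auth_domain, mode):
    """Strict mode ('s') needs an exact match; relaxed ('r') needs the same organisational domain."""
    if mode == "s":
        return header_domain.lower() == auth_domain.lower()
    return org_domain(header_domain) == org_domain(auth_domain)

def dmarc_disposition(raw_message, mail_from, spf_pass, dkim_domain=None):
    """Return (disposition, reason): 'pass' if an authenticated identifier aligns with the
    header From domain, otherwise the domain owner's published policy (p=), or 'none'
    when the From domain publishes no DMARC record."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    from_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    record = DMARC_RECORDS.get(org_domain(from_domain))
    if record is None:
        return "none", "no DMARC record for From domain " + from_domain
    tags = parse_dmarc(record)
    mail_from_domain = mail_from.rpartition("@")[2].lower()
    # SPF only counts if it passed AND the MAIL FROM domain aligns with the visible From domain.
    spf_aligned = spf_pass and aligned(from_domain, mail_from_domain, tags.get("aspf", "r"))
    # DKIM only counts if a signature verified (dkim_domain given) AND its d= domain aligns.
    dkim_aligned = dkim_domain is not None and aligned(from_domain, dkim_domain, tags.get("adkim", "r"))
    if spf_aligned or dkim_aligned:
        return "pass", "authenticated identifier aligns with From domain " + from_domain
    return tags.get("p", "none"), "From domain " + from_domain + " is not aligned with any passing identifier"
```

Note that the spoofed message is rejected even though SPF passes for the attacker’s own MAIL FROM domain: it is the alignment with the visible From domain, not SPF on its own, that DMARC adds.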
Tackle the basic 101 email security hygiene steps before moving on to the other variants such as homoglyph and display-name abuse.
Undertake a DMARC Compliance project to lock down the organisation’s email domains against abuse.
In fact, it is Ingressum’s policy to ONLY provide our Brand Defense/Phishing Protect service to perform takedowns of phishing pages when we also undertake a DMARC Compliance project. Without controlling who can use the organisation’s email domains, you will be continually throwing money away by subscribing to expensive takedown services without tackling the cause.
After all, we protect our personal assets by locking the doors and windows when we leave home – now we can also provide this basic security for our organisation’s digital assets!