If you work in a business and are reading this story, the chances are you will be targeted today by an email fraudster.
Despite the rise of Slack and other communication channels, email still rules when it comes to exchanging information with partners.
Therefore it is the avenue that criminals still use most when seeking to deliver malware. The number of malicious emails has increased rapidly in recent years.
‘Business Email Compromise’ attacks, where the criminal impersonates a trusted contact such as a senior executive to trick a victim into giving up data or authorising a payment, are particularly dangerous and can cost millions of pounds.
Organisations are also at risk of criminals hijacking their brand to launch phishing campaigns against customers.
Ravi Khatod is the CEO of Agari, which tracks billions of messages every month for evidence of wrongdoing.
“These attacks are damaging for everyone involved as individuals targeted by fraudulent emails will be less trusting of genuine contact from that organisation in future and may even blame them for the malicious emails,” he told BusinessCloud.
Fraudsters can call on different tricks to disguise their identity and impersonate a trusted brand, but one of the most common is spoofing.
This enables the attacker to alter the email’s header, so a message from [email protected] will be displayed as [email protected] instead.
Savvy users can see through this by looking into the header and checking the IP address, but very few are likely to bother checking every email in their inbox.
Deceptive emails are often able to slip through traditional email security filters. These systems are designed to look for malicious attachments and keywords, and a well-made spoofed email is functionally identical to the real thing.
“Imposters can still be identified with the right tools,” Khatod said. “One of the most useful anti-spoofing measures is DMARC (Domain-based Message Authentication, Reporting & Conformance), a free-to-use email security standard.
“DMARC can identify when the domain in the header does not match the real IP. Domain holders can set their policy to ‘reject’, blocking these emails outright, or ‘quarantine’, isolating them for investigation.”
#DMARC is the most effective way to secure your email – check out our webinar on demand to see how you can automate #phishing prevention via DMARC email authentication: https://t.co/rkn32jSfYe pic.twitter.com/Vbpbz4zQcF
— Agari (@AgariInc) September 19, 2018
A more recent development in the fight against deceptive emails is ‘Brand Indicators for Message Identification’, which entered a trial period earlier this year.
Utilising artificial intelligence, it is designed to prevent brand impersonation over email, social media and messaging applications.
Email providers Comcast, Google, Microsoft and Oath (parent of Verizon, Yahoo and AOL), have teamed up with Agari’s support to establish this new standard of email authentication that attackers will not be able to co-opt or side-step.
BIMI provides reassurance and security by displaying the company logo in all authenticated emails to provide a clear symbol of trust, recognisable even by the least tech-savvy user.
“Regaining control of their brands will deliver clear benefits to businesses,” said Khatod. “Firstly, an end to fake marketing messages from spoofers, allowing genuine email campaigns much greater engagement.
“Alongside their customers, organisations will also be able to inspire greater trust both internally and with their partners, as the BIMI standard will also prevent Business Email Compromise and other email attacks on the company.”