The importance of DMARC as phishing attacks are on the rise

Phishing attacks are up over 600% since the beginning of CoVID-19. Many of these attacks target companies and are taking advantage that much of the workforce may still be working remotely, and therefore not have the same level of protection or communication they enjoyed previously.

How do phishing attacks like these pose a risk?

Many of these phishing attacks employ the usage of the company’s domain (i.e. — or look alike domains. They may be utilized to try to exfiltrate sensitive information, leading to a data breach, or to take over accounts in order to enhance the scope of the phishing attack — or both.

How does an attacker use our company’s domain name?

SMTP is used for email transport, and it is a rather old protocol that has not been updated to mitigate phishing and spoofing risks for decades. This means that, by default, SMTP allows anyone to spoof your domain name.

In fact there are a panoply of tools that spammers and phishing campaigns use for exactly this purpose. They’re off the shelf, easy to use and relatively cheap (or in some cases free).

That means that if your company isn’t protecting its domain from email spoofing attacks, it is most likely vulnerable.

What measures are available to mitigate risk?

In the case of spoofing a company’s domain to send email, there are strategies available to mitigate those attacks. One of these strategies is having a DMARC (Domain-based Message Authentication, Reporting & Conformance) framework in place to mitigate domain spoofing.

DMARC works by creating a framework driven by a combination of cryptographic signature verification (DKIM), DNS records (SPF as well as DMARC) in order to validate the authenticity of an email message’s origination.

Having DMARC in place not only helps to alleviate internal risk, but it also helps to reduce risks to other companies that may originate with your domain name, and as a result reputational and legal liabilities.

Is DMARC right for my company?

Most companies do not use DMARC, but they should consider doing so. Not only does DMARC help to significantly improve the security of your domain by reducing the chance of spoofed emails, but it also increases the deliverability of your messages to recipients.

DMARC is seen as a sort of anti-spam signal. That is to say, when a domain is properly setup with DMARC, receiving servers see that as a sign of legitimacy and are more likely to not filter that message out.

Meanwhile, those that do attempt to spoof your company’s domain to send unauthorized emails from it will see the deliverability of their messages decrease to practically zero.

This is a double whammy of winning as phishing attacks can be crippling and any measures we can take to mitigate them is a valuable investment of business capital. While simultaneously improving deliverability of email, which tends to be a problem that impacts many companies, both large and small.

Envescent collectively has over 50 years of experience with DNS, email, security and related subjects. We can help secure your company’s email and DNS configuration.

Reach out to us for help!

Posted in Cloud, cybersecurity.