Technology and its rapid strides have made cybersecurity and related crimes a major area of concern for businesses. Email is a key vector for infiltrating businesses and their internal IT systems. In a Business Email Compromise (BEC) attack, attackers use email-based malicious tactics to gain access to a company’s business email account and commit fraud against its partners, customers, or employees. BEC attacks also leave target organizations vulnerable to future security breaches, massive data losses, and financial asset compromise.
BEC attacks are not limited to enterprise-level organizations or big MNCs; they also target small and medium-sized enterprises (SMEs). Here are some more details about BEC to help you better understand this cybersecurity threat:
Common Types of BEC Attacks
- Fraudulent CEOs – Attackers impersonate the company’s CEO or any other executive and send an email to finance personnel requesting the transfer of money to a bank account they control.
- Compromised Account – The email account of a senior executive or employee is stolen and used to solicit invoice payments from vendors mentioned in their email contacts. The funds are subsequently transferred to bogus bank accounts.
- Attorney Impersonation – Attackers pose as a lawyer or a member of a law firm and make fraudulent requests for sensitive and confidential information. Requests are usually made via email or phone.
Understanding Email Authentication
Email authentication includes deploying standards and protocols to gather verifiable information on the origin of emails. This is accomplished by verifying the domain ownership of the mail transfer agent(s). The industry standard for email transfer, Simple Mail Transfer Protocol (SMTP), has no built-in mechanism for message authentication. As a result, cybercriminals can easily launch domain spoofing and email phishing attacks by abusing this absence of security controls. This emphasizes the significance of email authentication protocols such as Domain-based Message Authentication, Reporting, and Conformance (DMARC).
How to Prevent BEC Using DMARC?
Step 1: Implementation
Configuring DMARC on your domain is the first step in preventing BEC attacks such as email phishing and domain spoofing. DMARC uses the SPF and DKIM authentication standards to authenticate emails sent from an organization’s domain. It gives the domain owner control over the receiver’s response by telling receiving servers how to handle emails that fail one or both of these authentication checks.
To implement DMARC:
- Identify all email providers authorized to send on behalf of your domain.
- To configure SPF for your domain, publish an SPF record in your domain’s DNS.
- To configure DKIM for your domain, add a DKIM record to your DNS.
- To configure DMARC for your domain, add a DMARC record to your DNS.
For a step-by-step guide to configuring DMARC on your domain, head to DMARC Setup Guide.
Step 2: Enforcement
You can configure your DMARC policy to:
- Monitor Policy (p=none)
The first policy is the monitor policy, i.e., p=none. As the name suggests, it focuses on monitoring and providing insights into the email channel. This configuration does not affect email deliverability; it only yields information on who is sending email on behalf of the domain.
- Quarantine Policy (p=quarantine)
The second policy is the quarantine policy, i.e., p=quarantine. If an email passes the DKIM and/or SPF authentication checks, it is placed directly in the primary inbox. If the email fails authentication, it is sent to the junk or spam folder. Thus, the quarantine policy mitigates the impact of spoofing, but it does not entirely block the spoofed email.
- Reject Policy (p=reject)
The third policy is the reject policy, i.e., p=reject. If a message fails the DKIM and/or SPF authentication checks, this policy instructs the receiver to delete the message entirely. If an email passes the authentication checks, it is delivered to the receiver’s primary inbox. This policy entirely eradicates the threat of spoofing.
Implementing and enforcing DMARC on your business email domain helps you drastically lower BEC attack risks for your organization. For more in-depth information on DMARC and its policies, head to What is DMARC?