• ProgIST CyberSec Division

DMARC for Banking and Insurance sector



To start with, let's get a brief idea about DMARC.


Domain-based Message Authentication, Reporting, and Conformance (DMARC) is a scalable mechanism by which a mail-originating system can express domain-level policies and preferences for message validation, disposition, and reporting, which a mail-receiving system can use to improve mail handling.


Originators of Internet Mail need to be able to associate reliable and authenticated domain identifiers with messages, communicate policies about messages that use those identifiers, and report about mail using those identifiers.

These abilities have several benefits like:


Receivers can provide feedback to Domain Owners about the use of their domains; this feedback can provide valuable insight about the management of internal operations and the presence of external domain name abuse.


DMARC does not produce or encourage elevated delivery privilege of authenticated email. DMARC is a mechanism for policy distribution that enables increasingly strict handling of messages that fail authentication checks, ranging from no action, through altered delivery, up to message rejection.
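The range of policies described above (no action, altered delivery, rejection) corresponds to the p=none, p=quarantine and p=reject values of a published DMARC record. The following is an added example, not code from the original article or from ProDMARC, that audits a record for a weak policy; the sample records are constructed and example.com is a placeholder domain.

```python
# Added example, not from the original page. Tag names follow RFC 7489;
# the records passed in are constructed and example.com is a placeholder.
POLICIES = ("none", "quarantine", "reject")  # ordered by increasing strictness

def audit_dmarc(txt):
    """Return (policy, findings) for a DMARC TXT record; policy is None if invalid."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None, ["not a DMARC record: v=DMARC1 must be the first tag"]
    tags = {}
    for part in parts[1:]:
        name, _, value = part.partition("=")
        tags[name.strip().lower()] = value.strip()
    policy = tags.get("p", "").lower()
    if policy not in POLICIES:
        return None, ["missing or invalid p= tag"]
    findings = []
    if policy == "none":
        findings.append("p=none: no action is requested for failing mail")
    pct = tags.get("pct", "100")
    if policy != "none" and pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: policy is applied to only part of failing mail")
    sp = tags.get("sp", policy).lower()
    if sp in POLICIES and POLICIES.index(sp) < POLICIES.index(policy):
        findings.append(f"sp={sp}: subdomains are handled less strictly than the domain")
    if "rua" not in tags:
        findings.append("no rua= tag: no aggregate reports will be requested")
    return policy, findings

if __name__ == "__main__":
    for record in (
        "v=DMARC1; p=none",
        "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@example.com",
        "v=DMARC1; p=reject; sp=none; rua=mailto:dmarc@example.com",
        "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
    ):
        print(record, "->", audit_dmarc(record))
```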


Let us understand the importance of implementing DMARC by looking into a couple of examples of scams happening in the banking and insurance sector.


COVID-19 Car Insurance Scams


In light of the current scenario, where scammers are using COVID-19 as bait, security researchers warn that fraudsters will run their old playbooks of fraud schemes, but also take advantage of the COVID-19 scare, such as physical distancing and the fear of getting infected by the virus.


An orchestrated accident is generally defined as an event where someone purposely causes an accident in order to make a claim against your car insurance or their own. Intentionally rear-ending or sideswiping another car are common schemes. Staged accidents are often committed by organized fraud rings.


With a large slice of the country practicing social distancing, there are fewer cars on the road and fewer witnesses, giving scammers the opportunity they wish for. Investigators believe scammers will use the fear of spreading COVID-19 as an excuse to discourage police involvement, leaving an opening to file false insurance claims.


Problems arise when people who were not in the car at the time of the “accident” file injury claims, hoping to get a settlement from another driver’s liability car insurance. The COVID-19 scam is similar to the staged accident scam. Scammers may take advantage of others’ fear and suggest a limited exchange of information, such as passenger names. With no police report and no witnesses, they have an excuse to make false injury claims for people who were not in the car.


Here’s what you can do: If you get into a car accident, try to note how many people were in each car and, if possible, their names and contact information while of course maintaining social distancing. You can also call the police and wait in your car.


Auto repair frauds can happen when a repair shop takes advantage of both you and your insurance company. Fraud investigators report that some repair shops charge excessive fees for cleansing, disinfecting, and storing vehicles – claiming they cannot work on vehicles for several days because of possible COVID-19 infection.


Be suspicious of auto repair shops that charge high fees for cleaning and storing your car. Speak with your insurance adjuster before paying any up-front out-of-pocket costs.


COVID-19 Travel Insurance Scams


The Coalition Against Insurance Fraud is urging consumers to be aware of the traps of bogus travel insurance policies that claim to cover COVID-19-related trip cancellations. Most travel insurance policies DO NOT cover pandemics. If someone pitches you a travel insurance policy that specifically covers COVID-19-related problems, that should raise a red flag.


Be aware of scammers impersonating legitimate travel insurance companies. While some travel insurance companies have extended coverage that would typically be excluded to their policyholders during the COVID-19 outbreak, scammers may try to take advantage of financial anxieties and sell bogus products.


Bank Email Scam


Ask yourself a question: Why would the bank send you an email asking you for information after you’ve opened an account? After all, once you open a bank account, they already have all of your information!


However, many people still fall for professional-looking emails that appear to be from their banks, asking for information to process a transaction or on the pretext that their credit / debit card is about to expire.


If you ever receive an email that looks like it’s from your bank and that asks you for your personal information, DON’T FALL FOR IT.


You might have this question – All of this information is basically a Dos and Don’ts for users... What about the Banks and Insurance companies? Where does DMARC come into the picture?


Here’s where DMARC plays a leading role – With the rise of the social internet and the ubiquity of e-commerce, spammers and phishers have a tremendous financial incentive to compromise user accounts – enabling theft of passwords, bank accounts, credit cards, and more. Email is easy to spoof and criminals have found spoofing to be a proven way to exploit user trust of well-known brands. Simply inserting the logo of a well-known brand into an email gives it instant legitimacy with many users.


End users (customers) can’t distinguish a real message from a fake one, and large mailbox providers have to make very difficult (and frequently incorrect) choices about which messages to deliver and which ones might harm users. Senders remain largely unaware of problems with their authentication practices because there’s no scalable way for them to indicate they want feedback and where it should be sent. DMARC addresses these issues. DMARC takes advantage of the existing email authentication techniques SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail), and adds an important function: reporting. When a domain owner publishes a DMARC record in their DNS, they gain insight into who is sending email on behalf of their domain. This information can be used to get detailed information about the email channel. With this information, a domain owner can get control over the email sent on their behalf.


Also, as an additional benefit, Gmail has now integrated with Brand Indicators for Message Identification (BIMI). Google confirmed that this engagement will enable organizations that authenticate their email domains using DMARC to validate ownership of their corporate logos and securely transmit them to Google. Once these authenticated emails pass all of the anti-abuse checks, Gmail will start displaying the logo in existing avatar slots in the Gmail UI. That means a lower chance of brand impersonation, a lower chance of your customers getting scammed in your brand's name, and more trust in the emails that are sent to your customer base. For more information, read our blog about Google – BIMI integration and get to know how DMARC plays an important role in the email ecosystem.


How can we help?


ProDMARC is a product built on a mission to achieve secure and spoofing-free email channels across the entire internet space. It makes DMARC reporting smooth and uncomplicated, providing volumes and trends of outbound mail, including that of phishing campaigns, and confirming the reliability of outbound mail in terms of SPF, DKIM & DMARC conformance.


To summarize, ProDMARC helps improve customer trust in email communications.

With the economy in a slump, ProDMARC announces a limited-time offer during the ongoing pandemic: 15 days of DMARC health assessment reporting, completely free for all organizations that wish to gain visibility into the mail-based phishing threats, which are at an all-time high.


Sign up for your 15-day ProDMARC trial by writing to us at info@progist.net


© 2020 by Progist.