Prognosis for Email Security 2020
Updated: Feb 11, 2020
As 2020 has kicked off, Business Email Compromise (BEC) has begun to emerge as the top attack modality for email fraudsters targeting the enterprise. In BEC attacks, fraudsters hijack corporate email accounts, spy on communications, and then impersonate the account’s legitimate owner in emails aimed at fleecing companies throughout the extended supply chain.
There are likely to be fewer malware attacks in 2020. Cyber criminals tend to launch less technical, social engineering-based email attacks at a larger scale. Not only are these attacks much harder to detect than phishing emails containing malicious links or content, they can be just as terrifying.
Email-based spoofing attacks are a highly damaging and increasingly frequent form of cyber fraud. In a spoofing email attack, a cyber criminal sends an email with a sender address that appears to be from a source the recipient trusts. The email will typically ask the recipient to perform an action that eventually gives attackers access to networks, systems or financial accounts. Email spoofing is usually used in phishing and spear-phishing attacks, and in impersonation attacks where an email may seem to be from senior management asking the recipient to wire money to an account that turns out to be fraudulent.
Organizations may expect updates on regulations resembling the US Department of Homeland Security’s Binding Operational Directive BOD 18-01, which mandates that executive branch agencies adopt Domain-based Message Authentication, Reporting and Conformance (DMARC).
The Government of the United Kingdom laid out detailed guidance in August 2016 on implementing email authentication protocols to prevent email spoofing, advising organizations to create policies to check inbound and outbound mail using DMARC.
The Reserve Bank of India (RBI) laid out a mandate in December 2017 advising banks to implement a DMARC solution for their email domains, including those used by the banks’ partners and vendors, to address email spoofing, identical mail domains, protection of attachments, malicious links, etc.
This standard email authentication protocol helps organizations protect their domains from being pirated and impersonated in email attacks.
Major co-operative banks, private sector banks, public sector banks, small financial banks, other financial service providers, NBFCs, life insurance companies and pharmaceutical companies in India have started to implement DMARC.
Given the current cyber security landscape, major businesses in India are looking to build a strong defense mechanism against cyber-attacks and threats, not only to meet regulatory requirements but also on their own initiative, to boost customer trust.
ProDMARC provides the insight and intelligence that help secure the organization’s email domain. Its tools include, but are not limited to: assistance with SPF, DKIM and DMARC implementation; visibility of the sources of outbound mail (own, authorized third parties, spammers or fraudsters); confirmation of the reliability of outbound mail in terms of SPF, DKIM and DMARC conformance; the key insights required for finalizing the migration of DMARC from monitoring to block mode; and sample forensic data for the phishing fraud being attempted. In summary, ProDMARC helps improve customer and third-party trust in email communications.
ProDMARC is built on a mission to achieve secure, spoofing-free email channels across the internet. It makes DMARC reporting smooth and uncomplicated, providing volumes and trends of outbound mail, including that of phishing campaigns, and confirming the reliability of outbound mail in terms of SPF, DKIM and DMARC conformance.