How to Fight Business Email Compromise (BEC) with Email Authentication?

1
How to Fight Business Email Compromise (BEC) with
Email Authentication?

• A constantly evolving and raging kind of
  cybercrime geared towards email as a potential
  method of committing fraud is called business
  email Compromise.
• In the case of government, commercial and
  non-profit organizations, BEC can lead to massive
  amounts of data loss, security breaches, and
  compromised financial assets.
• There is a widespread belief that cybercriminals
  tend to put their sights on MNCs or enterprises.
  Today, smaller enterprises are just as
  susceptible to fraud via email as larger
  companies.

2
What are the implications of BEC for
organizations?

• The types that fall under BEC comprise
  sophisticated attacks such as CEO fraud, fake
  phishing invoices, email spoofing, to mention
  some. It could also be described as an
  impersonation attack, where an attacker seeks to
  defraud an organization by impersonating people
  who hold authority posts. Impersonating the CEO
  or CFO or a business partner or anyone else you'd
  put your faith in, is the reason behind the
  success of these attacks.
• The month of February 2021 was a perfect time to
  document the actions in the Russian cyber group
  Cosmic Lynx, which employed a sophisticated
  strategy to combat BEC. The group had been
  associated with conducting more than 200 BEC
  campaigns since July of 2019 with over 46 nations
  worldwide, focusing on large multinational
  corporations with an international presence. With
  exceptionally well-written phishing emails and a
  lack of proof to discern between fake and genuine
  messages.
• Remote-working has made video-conferencing
  applications essential post-pandemic.
  Cybercriminals profit from this fact by sending
  fake emails pretending to be a message of the
  video-conferencing service, Zoom. The aim is to
  steal login credentials to carry out massive data
  breaches at companies.
• It is evident that the importance of BEC is
  quickly surfacing and has been increasing in
  recent years as threat actors come up with new
  and inventive methods to evade fraud. BEC has a
  direct impact on greater than 70 per cent of
  businesses globally and causes losses of millions
  of dollars each year.
• That's why experts in the field are working on
  protocols for email authentication such as DMARC
  to provide a high level of security against
  impersonation.

3
What exactly is Email authentication?

• Email authentication is described as various
  methods that give verifiable details about the
  source of email messages. This is accomplished by
  verifying the domain ownership for the email
  transfer agent(s) responsible for transmitting
  the message.
• Simple Mail Transfer Protocol (SMTP), which is
  the standard used in the industry for email
  transfer, does not have an in-built feature to
  allow message authentication. This is why it is
  easy to exploit the vulnerability of SMTP and is
  a breeze for hackers to launch email Phishing and
  domain spoofing attack.
• This is a sign of the importance of reliable
  email authentication protocols, such as DMARC,
  that fulfills its promises!

4
How to Prevent BEC by using DMARCStep 1
Implementation

• The first step towards combating BEC is
  configuring DMARC to your specific domain.
  Domain-based Message authentication, reporting,
  and Conformance (DMARC) utilize SPF and DKIM
  security standards for authentication to confirm
  the emails sent by your domain.
• It specifies to the receiving server the
  procedure to reply to emails that fail both or
  neither of these authentication tests and gives
  the domain owner the ability to control the
  receiver's response. To implement DMARC, you will
  need to
• Find all email sources that are valid and valid
  for your domain
• Make SPF records available within your DNS to set
  up SPF on your domain
• Publishing DKIM records in DNS for your domain to
  set up DKIM on your behalf
• Create a DMARC record in DNS to set up DMARC to
  your specific domain
• To make things simpler, To avoid any
  complexities, utilize EmailAuth's free tools (
  the free record maker for SPF records and free
  DKIM record maker, and free DMARC record-maker)
  to generate records that have the correct syntax
  immediately and then publish them to the domain's
  DNS.

5
Step 2. Enforcement

• Your DMARC policy could be set to
• Pnone (DMARC for the monitoring level only,
  messages that fail authentication will still be
  delivered)
• Pquarantine (DMARC at the time of enforcement
  messages that do not authenticate would be
  removed from quarantine)
• Preject (DMARC at maximum enforceability
  messages that fail authentication will not be
  sent in any way)
• We recommend that you begin using DMARC with a
  policy that allows monitoring for only one email
  to keep an eye on the delivery and flow of email
  issues. But such a policy will not provide any
  security against BEC.
• It is why you will eventually have to switch to
  DMARC enforcement. EmailAuth allows you to
  seamlessly transition into enforcement from
  monitoring in just a few minutes by implementing
  a policy called preject. In addition, it can
  help inform the servers receiving emails that any
  email received from a source of malicious intent
  that uses your domain will not be sent to the
  recipient's inbox or inbox at all.

6
Step 3. Monitoring and reporting

• You've set your DMARC policy to enforce, and you
  have managed to reduce BEC however, is this
  enough? No. Still, you require a robust and
  efficient reporting mechanism to track email flow
  and address any issues with delivery. EmailAuth's
  multi-tenant SaaS platform can help you
• You are in charge of your domain
• You can visually check the authentication results
  for each user, email and domain registered to
  you.
• remove the abusive IP addresses to impersonate
  your brand
• DMARC reports are accessible through the
  EmailAuth dashboard in two primary formats
• DMARC Reports aggregated (available in seven
  different ways)
• DMARC for forensic reports (with encryption for
  improved security)
• A combination of DMARC implementation,
  enforcement, and reporting will help you
  significantly decrease the chance of becoming a
  victim of BEC frauds and impersonations.

7
If I have Anti-Spam Filters in place, do I Have
DMARC?

• Yes! DMARC is different from your typical
  anti-spam filters and email security gateways.
  Although these tools are typically in conjunction
  with cloud-based email exchangers, they only
  provide security against phishing attempts that
  come inbound.
• Any messages sent through your domain remain at
  risk of being viewed as impersonations. This is
  the reason why DMARC comes in.

8
Additional Tips to Improve Email SecurityNever
exceed the 10-year DNS Search Limit.

• Overstepping the limit of SPF 10-lookup
  limitation will render invalid your SPF record
  and even legitimate emails to be rejected for
  authentication.
• If you are using a DMARC configured to reject
  authentic emails, they will be unable to be sent.
  EmailAuth SPF is an automatic and constantly
  changing SPF record flattener, which helps reduce
  SPF permerrors by helping you remain within the
  SPF hard limit.
• It updates itself automatically and scans for any
  changes made by email providers' IP addresses
  continuously without any intervention from your
  part.
• Verify that Emails are encrypted using TLS when
  in Transit
• While DMARC will protect you from social
  engineering attacks and BEC, you need to prepare
  yourself for the widespread monitoring attacks
  such as Man-in-the-middle (MITM).
• This can be accomplished by ensuring that a
  connection that TLS secures is handled between
  SMTP servers whenever an email gets sent out.
• EmailAuth's hosted MTA-STS is TLS encryption
  mandatory for SMTP and has simple implementation
  procedures.

9
Receive reports on issues with the delivery of
emails

• You can also turn on SMTP TLS reporting to obtain
  the diagnostic reports regarding email delivery
  issues following the configuration of MTA-STS on
  your domain. TLS-RPT lets you gain insight into
  the email environment and helps you better
  address problems in negotiating a secure
  connection, which can cause delivery problems.
• TLS reports are accessible in 2 different views
  (aggregate reports by the result and per sender
  source) on the EmailAuth dashboard.

10
Increase the effectiveness of your brand recall
with BIMI

• Utilizing BIMI (Brand Indicators for Message
  Identification), it is possible to enhance your
  brand's recognition to a new level by assisting
  your customers to be visual identify you within
  their inboxes.
• BIMI operates by attaching your logo and brand's
  uniqueness to each email you send via your
  domain. EmailAuth helps make BIMI installation
  simple with only three simple steps for the
  user's side.
• Have you found this article informative? Then,
  follow us via Facebook, Instagram and LinkedIn to
  access more exclusive content we publish.