Social Network For Senior Security Executives
SPAM emails have always been a problem for businesses around the world; the menace of mass SPAM emails in the early 2000s was brought under control by the evolution of technology and mature SPAM filtering solutions.
But the spammers have also evolved, and have figured out a way to extort money using SPAM emails. The spammers build a profile of your company: they conduct reconnaissance, identify the senior management team and get details about the CEO/MD/CFO of the organisation. They identify who has the authority to handle finance. They can easily get all of this information from your company website or from LinkedIn. The attack cycle is very simple:
They craft a fake email, appearing to come from the CEO/MD of the company to the CFO/Finance head, asking for a certain money transfer.
The email may come from the real email address of the spoofed sender (the same domain name as yours), or it may come from a similar name but a different email address, depending on the skill set of the attacker, the sophistication of the attack, and the mail configuration of the recipient's mail environment.
This may sound very simple, and people assume that nobody on earth would fall for such an attack, but global businesses have lost about 2.3 billion USD to such attacks, and even the FBI had to release an alert on this.
Eventually, when this happens to your business, IT gets a call and the pandemonium starts; let's see how we can be proactive and prevent the situation from arising at all.
Awareness: Awareness of cyber risks, the current state of attacks, and how they affect businesses must be shared with all employees at regular intervals. Examples of CEO fraud emails, and the process attackers use, should be shared with senior management and anyone who deals with finance. If at all possible, any change to a pre-approved finance process (such as changing an account number or making an ad hoc transfer) should be validated by a phone call.
This one initiative will save your face when a CEO scam email or any other cyber incident happens; think about it.
Technical solution: Every problem has a solution; all it takes is being aware of it and implementing it. The email spoofing problem can be easily avoided by implementing SPF and DMARC.
In 2003, Meng Weng Wong proposed a solution in which receiving email servers "verify" that the IP address sending a message is actually authorised to send mail for that domain. All you need to do is create an SPF record in your DNS for your domain, so that if anyone tries to spoof your domain the receiving email server can actually verify it.
SPF had some management issues, and to handle them a new record type, DMARC, was introduced. DMARC (Domain-based Message Authentication, Reporting and Conformance) is again a record that you create in your DNS server, with a policy configuration that tells receiving servers how to treat mail that fails the check and where to send reports.
You can use the handy tools below to check your SPF and DMARC configuration:
DMARC - https://mxtoolbox.com/dmarc.aspx
You should also consider DKIM (DomainKeys Identified Mail) along with SPF and DMARC; these three together provide adequate security to mitigate email sender fraud.
O365 Transport Rules: You may also consider highlighting emails coming from outside the organisation that carry the same display name as your company's senior management. For example, assume your CEO's email is Bill Gates<email@example.com>; if an email arrives from Bill Gates<firstname.lastname@example.org>, you should flag it so that the recipient knows it is not the CEO but someone else. This helps stop end users from falling prey to phoney email messages, and it is easy to do in the hosted/cloud-based Microsoft Exchange solution.
However, the technical details of how to implement the above solutions are not discussed in this post; have your mail administrators research these topics and share their findings with the CIO/Head of IT for implementation.
Obviously, third-party SPAM filtering solutions or the built-in protections that come with O365 should also be used with the "correct" configuration; merely having a product will not help if it is not configured properly.
O365 Transport Rule for spoof prevention - https://knowbe4.zendesk.com/hc/en-us/articles/212679977-Domain-Spoo...
Hope this post helps save you and your company money.