IT Security Jan 17, 2020

Phishing & Co.: E-mail protection has top priority.

Phishing, spoofing and CxO fraud are just some of the many ways in which criminals attack corporate e-mail correspondence.


Sven Richter
Professional Consultant

While petty spam can be a major nuisance, companies today have much bigger fish to fry when it comes to e-mail security. Modern attacks use elaborate methods to extract information from employees: phishing and spoofing attacks with legitimate-looking e-mails and senders, and CxO fraud, in which attackers pose as senior managers to trick employees into ill-advised actions.

Anti-spam and anti-malware protection today often focuses on what happens within the corporate network; Bechtle offers a variety of on-premise and cloud-based solutions for this, ranging from baseline to very advanced security.

However, e-mail security must reach further than intra-network communication: criminals can also abuse corporate domains, and thus the very identity and brand of a company, to scam third parties anywhere in the world. SPF, DKIM and DMARC are effective ways to protect your domain against this.

CxO fraud

CxO fraud is a variant of e-mail spoofing in which the sender poses as a C-level executive, typically instructing employees to wire large sums to an account controlled by the scammers. For employees, these spoofs are often impossible to detect, as scammers go to great lengths to research current business dealings.

• SPF

The Sender Policy Framework (SPF) is an authentication method that publishes the list of mail servers legitimately sending for your domain in a DNS record of that domain. E-mail providers worldwide can then check whether the server delivering a message is authorised to send on your behalf, flag messages from unauthorised servers as spam or, ideally, reject them outright.

Phishing

Phishing refers to fraudulent attempts to obtain sensitive information such as login credentials through websites or e-mails forged to look exactly like genuine communication from a trusted source.

• DKIM

DomainKeys Identified Mail (DKIM) uses digital signatures to let the recipient confirm an e-mail's integrity. The sender publishes a public key in DNS; the recipient system verifies the signature against it, which confirms that the message really comes from the domain that signed it and has not been altered in transit. To use DKIM, the sender's corporate e-mail gateway must be able to sign outgoing e-mail.

Spoofing

In IT security, spoofing refers to attacks in which people or applications pretend to be someone or something they are not. In e-mail spoofing, scammers forge the information shown in the 'from' field so that it looks like a trusted address.

• DMARC

As an extension to SPF and DKIM, the Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol tells the recipient system how to handle incoming e-mail that claims to come from your domain. Like SPF and DKIM, it relies on a DNS record, which states among other things what should happen to an e-mail that fails the SPF or DKIM checks. The recipient system can then, for example, quarantine or reject suspicious messages. In addition, DMARC lets companies collect reports from other providers showing the extent to which their own domain is being abused.
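As an added example (not code from the original article or from Bechtle): a small Python simulation of how a receiving mail system applies the SPF and DMARC records described above. The DNS records for example.com and mail.example.net are constructed sample data, the SPF evaluator handles only the ip4, include and all mechanisms, and DKIM verification is left out because it would need signing keys.

```python
import ipaddress

# Constructed sample DNS TXT records standing in for real lookups (assumption).
DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:mail.example.net -all",
    "mail.example.net": "v=spf1 ip4:198.51.100.10 ~all",
    "_dmarc.example.com": "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.com",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(domain, sender_ip, depth=0):
    """Evaluate the domain's SPF record for the connecting IP (ip4/include/all only)."""
    if depth > 10:  # bound include recursion, as RFC 7208 bounds DNS lookups
        return "permerror"
    record = DNS_TXT.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"  # domain publishes no SPF record
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # mechanisms without an explicit qualifier mean 'pass'
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name == "ip4" and ip in ipaddress.ip_network(arg, strict=False):
            return QUALIFIERS[qualifier]
        if name == "include" and spf_check(arg, sender_ip, depth + 1) == "pass":
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and no 'all' term was present


def dmarc_policy(domain):
    """Return the p= tag of the domain's DMARC record, or None if none is published."""
    record = DNS_TXT.get("_dmarc." + domain, "")
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
    return tags.get("p") if tags.get("v") == "DMARC1" else None


def disposition(from_domain, sender_ip):
    """Receiver-side decision: SPF pass -> accept; otherwise apply the DMARC policy."""
    spf = spf_check(from_domain, sender_ip)
    if spf == "pass":
        return "accept"
    policy = dmarc_policy(from_domain)
    if policy in ("quarantine", "reject"):
        return policy
    # No enforcing DMARC policy: a hard SPF fail is flagged as spam, other results pass.
    return "flag-as-spam" if spf == "fail" else "accept"
```

Publishing the SPF record alone only lets receivers flag mail from unauthorised servers; it is the DMARC p= tag that tells them to quarantine or reject it.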