According to the FBI’s 2018 Internet Crime Report, the financial losses associated with Internet crime increased by 90.8 percent from 2017 to 2018. The highest losses came from business email compromise (BEC) and email account compromise scams, with 20,373 victims losing a total of $1.3 billion.
BEC, referred to as “fake president” or “fake CEO” scams when they first became popular, is an attack technique in which a fraudster either spoofs the email address of a senior executive or finance employee or takes over that person’s actual mailbox. The targets are generally users who are authorized to perform wire transfers or who have access to sensitive data.
BEC attacks work well because there’s no malicious link or attachment for traditional security software to detect. The email appears as a legitimate request for invoice payment or wire transfer. The fraudster is simply impersonating someone and using social engineering to trick victims into transferring money to fraudulent bank accounts or sharing sensitive data.
BEC is part of a fake-email trend that shows no signs of slowing down. Cyberattacks involving spoofing and phishing are rampant. In fact, a new report from Valimail found that more than 3.4 billion fake emails per day are sent worldwide, with the vast majority coming from senders based in the U.S. During the first quarter of 2019, 1.2 percent of all emails sent were fake.
There is a silver lining, as many industries have begun to beef up their defenses against BEC by adopting email authentication protocols. Domain-based Message Authentication, Reporting, and Conformance (DMARC) is a standard that has been particularly effective at keeping fake emails out of inboxes.
Published as RFC 7489 in 2015 and mandated for U.S. federal civilian agencies by the Department of Homeland Security in 2017, DMARC is an authentication layer that sits on top of the DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF) protocols. With DKIM, the sending system attaches a digital signature to the message header; the receiver fetches the signing domain’s public key from DNS and verifies that the signed headers and body have not been altered since they were signed with a key that domain published. With SPF, a domain owner publishes in DNS the list of mail servers (IP addresses) permitted to send mail for the domain, so a receiver can check whether the connecting server is authorized.
A DMARC policy is published as a DNS TXT record at _dmarc.<domain>. It tells receiving mail servers that a message claiming to come from the domain must pass SPF or DKIM, and that the domain validated by whichever check passed must align with the domain shown in the visible From: header; this alignment is what stops a fraudster from passing SPF for his own domain while displaying the CEO’s. Enforcement is set by the domain owner, not the receiver: with a policy of p=quarantine or p=reject, receivers that honor DMARC deliver authenticated mail and either quarantine failing mail in the recipient’s spam folder or reject it outright, while p=none delivers everything and only reports. DMARC also lets receivers send the domain owner aggregate reports of what passed and failed, so the owner can find legitimate mail sources that are not yet covered by SPF or DKIM before tightening the policy.
Although 80 percent of all inboxes check DMARC on incoming email, only about 20 percent of domains have an enforcing policy, according to the Valimail report. DMARC is complicated to configure correctly: any legitimate mail source that is not covered by SPF or DKIM with an aligned domain, such as a third-party marketing or ticketing platform, a forwarding service that breaks SPF, or a subdomain signing with its own DKIM key under strict alignment, will be quarantined or rejected the moment the policy is enforced. As a result, many organizations err on the side of caution and leave the policy at p=none, using DMARC for monitoring only.
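To make the alignment and enforcement logic above concrete, here is an added Python example, not code from the original post or from Verteks, that parses a DMARC record and evaluates one message the way a receiving server does. The domains, records and SPF/DKIM results are constructed for illustration, and the organizational-domain rule is simplified to the last two DNS labels rather than the Public Suffix List a real receiver would use. It also shows why a strict-alignment record rejects legitimate mail that a relaxed one would accept.

```python
"""DMARC policy evaluation with identifier alignment (added example).

Illustrative code, not from the original post or any vendor. All domains,
records and authentication results below are constructed. The
organizational-domain rule is simplified to "last two labels"; real
receivers consult the Public Suffix List.
"""
from typing import Dict, List, Tuple

# Constructed records, as they would be published at _dmarc.example.com.
# Monitoring only: failures are reported but still delivered.
MONITOR_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"
# Enforcement with strict alignment: failures are rejected outright.
ENFORCE_RECORD = ("v=DMARC1; p=reject; adkim=s; aspf=s; "
                  "rua=mailto:dmarc-reports@example.com")


def dmarc_record_name(from_domain: str) -> str:
    """DNS name a receiver queries for the policy of the From: domain."""
    return "_dmarc." + from_domain.lower().rstrip(".")


def parse_dmarc_record(txt: str) -> Dict[str, str]:
    """Parse "v=DMARC1; p=reject; ..." into a tag dict with RFC 7489 defaults:
    relaxed alignment (adkim/aspf=r), pct=100, subdomain policy sp=p."""
    tags: Dict[str, str] = {}
    for part in txt.split(";"):
        part = part.strip()
        if "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record: %r" % txt)
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    tags.setdefault("pct", "100")
    tags.setdefault("sp", tags["p"])
    return tags


def organizational_domain(domain: str) -> str:
    """Simplified: the last two labels (mail.example.com -> example.com)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict ("s") requires an exact match with the From: domain; relaxed
    ("r") only requires the same organizational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return organizational_domain(from_domain) == organizational_domain(auth_domain)


def evaluate_dmarc(record: str, from_domain: str, spf: Tuple[str, str],
                   dkim: List[Tuple[str, str]]) -> Tuple[bool, str]:
    """Return (passed, disposition) for one message.

    from_domain: domain of the visible RFC5322.From header.
    spf:         (result, MAIL FROM domain) from the SPF check.
    dkim:        [(result, d= domain), ...] for each DKIM signature.
    DMARC passes if at least one mechanism passes AND aligns with the From:
    domain. Disposition is "none", "quarantine" or "reject" on failure.
    """
    tags = parse_dmarc_record(record)
    spf_result, spf_domain = spf
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, tags["aspf"])
    dkim_ok = any(result == "pass" and aligned(from_domain, d, tags["adkim"])
                  for result, d in dkim)
    if spf_ok or dkim_ok:
        return True, "none"
    # pct= sampling is ignored here; a real receiver applies the policy to
    # only that percentage of failing messages and "none" to the rest.
    return False, tags["p"]


if __name__ == "__main__":
    # Spoofed "CEO" mail: From: ceo@example.com sent from the attacker's own
    # server. SPF passes only for the attacker's MAIL FROM domain, no DKIM.
    spoof = dict(from_domain="example.com",
                 spf=("pass", "attacker.example"), dkim=[])
    print("spoof, monitoring:", evaluate_dmarc(MONITOR_RECORD, **spoof))
    print("spoof, enforcing: ", evaluate_dmarc(ENFORCE_RECORD, **spoof))
    # Legitimate mail via a bounce subdomain and a subdomain DKIM key: fine
    # under relaxed alignment, rejected under the strict record above.
    legit = dict(from_domain="example.com",
                 spf=("pass", "bounce.example.com"),
                 dkim=[("pass", "mail.example.com")])
    print("legit, monitoring:", evaluate_dmarc(MONITOR_RECORD, **legit))
    print("legit, enforcing: ", evaluate_dmarc(ENFORCE_RECORD, **legit))
```

The spoofed message fails under both records because the attacker's SPF pass is for his own domain, which does not align with example.com; only the enforcing record actually rejects it. The legitimate message passes under the relaxed default but fails under adkim=s/aspf=s, which is exactly the kind of configuration that makes organizations nervous about moving past p=none. Reading the aggregate reports sent to the rua address before switching the policy is how such sources are found.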
Increasingly, organizations are turning to vendors such as Verteks to get the best results from their DMARC solutions. Let us help you configure and implement DMARC to reduce the risk of BEC scams and keep fake emails from reaching your employees’ inboxes.