Phishing is one of those cybersecurity problems that continues to be a main cause of malware infections and data breaches. It just won’t go away and continually gets worse.
In 2019, 65% of US businesses were the victim of a successful phishing attack, which is 10% higher than the global average.
While companies can put software-based cybersecurity measures and managed IT services in place, which greatly mitigate the risk of damage from phishing, it still continues to be a major source of user-error-related data breaches.
Humans can be tricked much more easily than an anti-malware app. That’s why hackers continue to use phishing as their “go to” method of delivering all types of cybersecurity threats.
The FBI saw a 400% increase in cyberattacks this year due to the pandemic.
One of the tricks phishing attackers use to convince recipients that a phishing email is real is called “email spoofing.” This is when they put a legitimate email address in the “From” field of a message, even though the email was not actually sent from that company.
For example, your accounting person might receive a strange email purporting to be from your bank asking them to do an account password reset. They look at the email address in the From line, and it’s from the bank’s actual email domain (@name.com address), or at least it appears to be.
This causes them to trust the phishing email and click the link, compromising the company’s bank account details.
Email spoofing can also be done on your own company’s domain. Hackers will use this trick when sending emails to your employees, customers, or vendors.
The use of email spoofing in phishing attacks has become such a problem, that Microsoft recently added anti-spoofing measures in Exchange Online Protection.
Using Email Authentication to Combat Email Spoofing
One of the ways that Microsoft’s anti-spoofing protection works is to use email authentication. Email authentication is a set of three protocols that can be applied to any mail server. Together, they verify that the address in the “From” line is legitimately where the email was sent from.
Emails that don’t make it through the authentication protocols can be sent to a quarantine or spam folder or bounced, depending upon your settings.
Email authentication uses three layers of protection. Each of these three protocols serves a different purpose and they are designed to work together to protect your business from receiving phishing attacks that use email spoofing.
Using authentication for your email can also alert you if anyone is trying to spoof your email domain.
Here’s how email authentication works.
Step 1: SPF (Sender Policy Framework)
SPF works by adding a TXT record to your domain’s DNS. That record identifies the mail server IP addresses that are allowed to send email for your domain name.
When a hacker uses their own mail server to send phishing emails, that server’s IP address will not be on the approved list for your email domain, so the message will not pass the SPF check.
Your approved list of IP addresses that can send email for your company may include:
- Your own email server or service (e.g. Microsoft Exchange)
- Any third-party apps you use to send email, like Mailchimp or Salesforce
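The following Python is an added example, not code from the original article: it shows what an SPF record built from an approved-sender list like the one above looks like, and how a receiving server evaluates the connecting IP address against it. The domains, IP ranges and the `include:` name are constructed placeholders, and the DNS lookups are replaced by an in-memory table so the example runs offline.

```python
import ipaddress

# Constructed DNS TXT records standing in for the lookups a receiving server
# would really perform. example.com authorises its own server, a /24 of its own
# addresses, and a hypothetical third-party mailer via include:.
FAKE_DNS_TXT = {
    "example.com": "v=spf1 ip4:203.0.113.10 ip4:198.51.100.0/24 "
                   "include:_spf.mailer.example -all",
    "_spf.mailer.example": "v=spf1 ip4:192.0.2.0/24 -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_spf(domain, dns=FAKE_DNS_TXT):
    """Return the SPF TXT record for a domain, or None if it has none."""
    record = dns.get(domain.lower())
    if record and record.startswith("v=spf1"):
        return record
    return None


def check_spf(domain, sender_ip, dns=FAKE_DNS_TXT, depth=0):
    """Evaluate a simplified SPF policy for the IP that delivered the message.

    Supports the ip4:, ip6:, include: and all mechanisms with +/-/~/? qualifiers.
    Returns 'pass', 'fail', 'softfail', 'neutral', 'none' or 'permerror'.
    """
    if depth > 10:  # RFC 7208 limits DNS-querying terms to 10 per evaluation
        return "permerror"
    record = lookup_spf(domain, dns)
    if record is None:
        return "none"  # domain publishes no SPF: nothing to check against
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:  # skip the "v=spf1" version tag
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mechanism, _, argument = term.partition(":")
        matched = False
        if mechanism in ("ip4", "ip6"):
            try:
                # Mixed IPv4/IPv6 comparisons simply do not match.
                matched = ip in ipaddress.ip_network(argument, strict=False)
            except ValueError:
                return "permerror"
        elif mechanism == "include":
            # The third party's own record must yield "pass" for this IP.
            matched = check_spf(argument, sender_ip, dns, depth + 1) == "pass"
        elif mechanism == "all":
            matched = True
        else:
            return "permerror"  # mechanism not implemented in this example
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term present


if __name__ == "__main__":
    for ip in ("203.0.113.10", "192.0.2.5", "10.0.0.1"):
        print(ip, "->", check_spf("example.com", ip))
```

The `-all` at the end is what makes the record useful against spoofing: any IP not listed, including a phishing server, ends in `fail`. Third-party senders such as a mailing-list provider are brought in through `include:`, so their address ranges are maintained by them rather than copied into your record.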
Step 2: DKIM (Domain Keys Identified Mail)
The next step in the process is the DKIM protocol. This one uses a pair of keys: a private key that resides on your mail server and signs each outgoing message, and a matching public key that receiving servers use to check that signature.
The receiving server verifies the signature after the message has been delivered, which confirms that the signed parts of the message have not been changed in transit. It’s another double check that goes a bit deeper and lets the receiving mail server know the message was legitimately sent from your mail server and isn’t spoofed.
Step 3: DMARC (Domain-based Message Authentication, Reporting, and Conformance)
DMARC ties the whole authentication process together: it tells the receiving mail server how to judge the SPF and DKIM results for your domain and what to do with messages that fail.
For example, using DMARC, you can instruct receiving servers to:
- Report back all messages that have or have not passed email authentication
- Put messages that don’t pass authentication in a quarantine or trash folder
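As an added example (not from the article), the Python below parses a DMARC record and applies it to the SPF and DKIM results for one message, producing the disposition a receiving server would act on. It goes slightly beyond the text in one respect that matters in practice: DMARC passes when either SPF or DKIM passes and the domain that passed is aligned with the visible From domain, and the record can set a separate policy (`sp=`) for subdomains. The record, domains and report address are constructed placeholders; the organizational-domain logic is an approximation (real validators consult the Public Suffix List).

```python
# Constructed DMARC record for a hypothetical domain; the mailto address is a placeholder.
SAMPLE_DMARC = ("v=DMARC1; p=quarantine; sp=reject; adkim=r; aspf=s; "
                "rua=mailto:dmarc-reports@example.com")


def parse_dmarc(record):
    """Return the record's tags as a dict, or None if it is not a valid DMARC record."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        return None
    return tags


def org_domain(domain):
    """Approximate the organizational domain as the last two labels.
    Assumption for this example only; real validators use the Public Suffix List."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Identifier alignment: strict ('s') needs an exact match, relaxed ('r')
    accepts any domain under the same organizational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def evaluate_dmarc(record, policy_domain, from_domain,
                   spf_result, spf_domain, dkim_result, dkim_domain):
    """Combine SPF and DKIM results under the DMARC record published by policy_domain.

    spf_domain is the domain SPF was checked against (the envelope sender);
    dkim_domain is the d= value of a DKIM signature that verified.
    Returns (dmarc_result, disposition) where disposition is none/quarantine/reject.
    """
    tags = parse_dmarc(record)
    if tags is None:
        return ("none", "none")  # no usable policy: treat the message normally
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return ("pass", "none")
    # Failed: sp= covers subdomains of the policy domain, p= covers the domain itself.
    if from_domain.lower() != policy_domain.lower() and "sp" in tags:
        return ("fail", tags["sp"])
    return ("fail", tags["p"])


if __name__ == "__main__":
    # Legitimate mail: DKIM signed by example.com, SPF checked on a bounce subdomain.
    print(evaluate_dmarc(SAMPLE_DMARC, "example.com", "example.com",
                         "pass", "bounce.example.com", "pass", "example.com"))
    # Spoofed From: SPF passed only for the attacker's own domain, no DKIM.
    print(evaluate_dmarc(SAMPLE_DMARC, "example.com", "example.com",
                         "pass", "attacker.example", "none", ""))
    print("reports go to:", parse_dmarc(SAMPLE_DMARC).get("rua"))
```

The second case is the spoofing scenario from earlier in the article: the phishing server may even publish a valid SPF record for its own domain, but because that domain is not aligned with the From address the message fails DMARC and is quarantined. The `rua=` tag is what produces the aggregate reports that tell you someone is spoofing your domain.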
The Importance of Using Email Authentication
There are a few different reasons it’s important to configure your mail server with the SPF/DKIM/DMARC authentication protocols.
Email authentication can stop spoofed emails from getting to your user inboxes, which can drastically reduce your risk of falling victim to a phishing attack.
It can alert you if your company’s domain is being spoofed. If you have a heads up that your own domain is being spoofed, you can proactively warn customers or vendors and recommend they also use email authentication to protect themselves.
It can ensure your emails don’t get bounced. When Microsoft put anti-spoofing measures in place, companies suddenly found their emails from programs like Mailchimp being blocked because the sending IP address didn’t match the “From” email domain. Email authentication lets you fix that by setting up approved email senders and including their IP addresses in your mail records.
Get Help with Email Security from Tuned IT
From helping you with email authentication setup to putting antivirus and anti-phishing protections on your accounts, we can help you improve your email security to prevent a future attack.
Contact us today to learn more! Call 0191 662 0023 or reach out online.