The techniques used by cybercriminals are becoming increasingly more sophisticated, particularly attacks originating through email. Given the critical role email plays in business, it is important to have the appropriate security measures in place. If your organisation's email is not secure an attacker can impersonate you in order to trick people into giving them information, access, or money.
This type of email attack is referred to as ‘Spoofing’. Email spoofing is when a cyber attacker sends an email appearing to come from your organisation’s domain.
What can a spoofing attack lead to?
• Customers replying to spoofed emails with sensitive information
• Customers paying fake invoices sent by attackers impersonating your organisation
• Access to your IT systems and data being enabled after receiving a spoofed email request
Protecting your domain/s from spoofing
Configuring security controls for your business domain/s, including DKIM and DMARC, can help you prevent attackers from impersonating your organisation’s email addresses.
DKIM (Domain Keys Identified Mail)
DKIM is a protocol that allows an organisation to take responsibility for transmitting an email message by signing it in a way that mailbox providers can verify. DKIM record verification is made possible through crypto graphic authentication.
DMARC(Domain-based Message Authentication, Reporting, and Conformance)
A security policy that specifies if emails from your domain/s are to be protected with DKIM. It also means rules can be put in place for when an email fails these checks such as mark as suspicious or block from reaching your inboxes.
Key Benefits of DKIM and DMARC
• Although attackers can still make domains that may ‘look’ like yours, they are prevented from using your real domain name/s.
• Even better, if a situation arises, your IT provider will be able to report on anyone trying to spoof your domain.
• Cyber insurers a real so looking to understand whether DKIM and DMARC are enforced. In some scenarios, doubling premiums if it is not.
If you are concerned about your organisations email security, get in touch with our team of experts today [email protected] or phone 07957 2650.