" dkim Archives - LuxSci

Posts Tagged ‘dkim’

How to Avoid Business Email Compromise Attacks

Tuesday, July 5th, 2022

Business email compromise (BEC) attacks are on the rise and are poised to eclipse ransomware as the biggest threat to cybersecurity. Since 2016, $43 billion has been stolen through BEC. Even more concerning, there has been a 65% increase in BEC from 2019 to 2021. This article explores what business email compromise scams are and what steps organizations can take to avoid them.

business email compromise

What are Business Email Compromise Attacks?

In business email compromise scams, attackers infiltrate or impersonate a legitimate corporate email account. They then send phony invoices or initiate contract payments that trick unsuspecting businesses into wiring money to criminals.

These scams rely on humans making the wrong choices. Some examples of business email compromise scams include:

  • A criminal impersonates a vendor and sends a fake invoice to the accounting department.
  • Someone who appears to be the company CEO asks an assistant to make a wire transfer to an unknown account.

Some of the tactics used include:

  • Domain name spoofing: Domain name spoofing involves changing the sender’s “From” address to match the recipient’s domain in the message envelope. Criminals can also use a legitimate domain as the “From” address and a spoofed “Reply-To” domain in the message header.
  • Display name spoofing: The attacker registers a free email account to impersonate a vendor or employee. The attacker would configure the display name to match the employee’s name and then send phishing messages from this account. This technique is effective because recipients often only look at the display name, not the email address. In fact, many email clients will only show the display name when viewing the message, making it easier to hide the sender’s real identity.
  • Lookalike domain spoofing: The attacker may register fake domain names that contain characters that look similar to those in the actual domain name. For example, replacing the lowercase “l” in luxsci.com with an uppercase “I.” The criminal will send phishing emails from this domain to trick the recipient into thinking the message is legitimate.
  • Email Account Compromise: Another common tactic is taking over legitimate email accounts that have been compromised through malware or social engineering to steal data or funds.

How to Prevent Business Email Compromise Attacks

One of the reasons that business email compromise attacks are increasing is because they are often successful. Email filters and content scanning can do little to stop sophisticated social engineering attacks. Nevertheless, there are steps that organizations can take to stop BEC scams.

SPF, DKIM, and DMARC

Implementing technical controls can help prevent BEC scams from succeeding. As discussed above, many attacks use display or domain name spoofing to impersonate company accounts or individuals.

Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting & Conformance (DMARC) are anti-spoofing email authentication techniques that use DNS records to validate the sender of an email. Ensure the organization’s domain has valid SPF, DKIM, and DMARC records. Make sure the email provider analyzes all inbound email traffic using these tools.

Viewing the headers of a suspicious message is also an excellent way to detect fraudulent domains. See Gmail, Outlook, Apple Mail, and More: How to View Headers in Email to learn how to see these in the most popular email clients. This can help reveal the actual sender of someone using a spoofed domain or display name.

In addition, implementing email filtering and scanning tools can help flag suspicious links and protect against phishing attacks.

Employee Training

Helping employees recognize business email compromise scams is essential to avoiding them. All employees, not just those with access to sensitive data or financial information, should understand the tactics used by cybercriminals in BEC scams.

Employees should be aware that attackers can use the information they share online via social media against them. Birthdates, pets’ names, nicknames, and information about time off can be used to impersonate others and trick individuals.

Ensure employees are implementing strong passwords and using multifactor authentication to prevent account compromise and stop them from changing account credentials.

Policy and Procedures

Creating clear policies and procedures can help alleviate confusion and prevent individuals from taking action without thinking. For example, organizations should have clearly defined procedures for how and when vendors will send invoices and be paid. That way, when an unexpected email comes in from a “vendor,” employees will know what to do. It’s also essential to keep up-to-date contact information for vendors and employees. Many BEC schemes ask recipients to call a phone number with account credentials or payment information. If the number differs from the contact information on file, it’s wise to pause and call the contact through established channels to confirm the message’s accuracy before proceeding.

By creating clearly defined and enforced policies and procedures, it will be very obvious when deviations occur. Empowering employees with the tools they need to identify business email compromise scams will help protect your company and keep financial information secure.

High Volume Bulk Email: Key Ingredients for Good Deliverability

Tuesday, August 3rd, 2021

How do you ensure your bulk emails have good deliverability?

Deliverability is key to anyone sending bulk emails like newsletters, announcements, or triggered notifications. As a provider of secure bulk email services, we constantly advise customers on how they can avoid having legitimate messages marked as spam and ensure that they are not blacklisted. In this article, we consolidate our advice for everyone’s benefit. Some tactics for good bulk email deliverability include: ensuring you have a good mailing list, maintaining your mailing list, email message content, and reputation management techniques like SPF, DKIM, and IP anonymization.

bulk email deliverability

Read the rest of this post »

Zero Trust Email

Tuesday, July 20th, 2021

Our third article on Zero Trust Architecture covers zero trust email and the systems it requires. In May, the Biden Administration announced a new approach to cybersecurity that included a push toward Zero Trust Architecture. We have already covered Zero Trust Architecture as a whole, and also talked about how dedicated servers are important parts of the zero trust model. Now, it’s time to talk about zero trust email.

zero trust email

Zero Trust Email and Encryption

As we discussed in our previous articles, Zero Trust Architecture begins with the presumption that an organization’s network may not be secure. Because attackers may already be inside the network, NIST stipulates that:

“…communication should be done in the most secure manner available… This entails actions such as authenticating all connections and encrypting all traffic.”

This means that emails always need encryption. While many organizations recognize external threats and encrypt their sensitive external communications, it’s still common for workplaces to use unencrypted communication methods within the company network. This is generally done under the outdated assumption that the internal network is secure.

Zero Trust Architecture understands that any attacker within the network could easily read these communications. This is why zero trust email needs to be encrypted, even when it’s within an organization’s private network. One step in this direction is to force TLS for email encryption for all entities.

The zero trust model also requires encryption at rest, so emails also need to be protected in storage, not just in transmission.

Authentication and Zero Trust Email

NIST’s publication on Zero Trust Architecture also stipulates that:

“Access to individual enterprise resources is granted on a per-session basis. Trust in the requester is evaluated before the access is granted. Access should also be granted with the least privileges needed to complete the task.”

When it comes to zero trust email, this means that sensitive messages require authentication and authorization to be read. TLS encryption alone is not sufficient, because it doesn’t have the full capability for this type of verification. While it does allow authentication and authorization on the recipient’s email account, it cannot do so on the raw message data.

LuxSci supports:

  • Sender Policy Framework (SPF) – This is a system for email authentication that can detect forged sender addresses. Due to its limitations, it is best to complement it with other email authentication measures.
  • DomainKeys Identified Mail (DKIM) – This authentication method can detect email spam and phishing by looking for forged sender addresses.
  • Domain-based Message Authentication Reporting and Conformance (DMARC) – This email authentication protocol complements SPF, allowing it to detect email spoofing. It helps to protect organizations from phishing, business email compromise attacks, and other threats that are initiated via email.

Each of these email authentication measures are useful for verifying sender identities. LuxSci also offers premium email filtering, and together these techniques limit the trust that is applied to inbound messages.

Together, these techniques identify legitimate email messages while filtering out those that are unwanted or malicious. While it isn’t directly stated in the NIST guidelines, SPF, DKIM and DMARC can all be integral parts of the zero trust framework.

Access Control and Zero Trust Email

In addition to measures for encrypting messages and verifying inbound emails, zero trust email requires granular access controls to keep out intruders. LuxSci’s Secure Email Services include a wide range of access controls that limit unauthorized access while still making the necessary resources available. These include:

  • Two-factor authentication
  • Application-specific passwords
  • Time-based logins
  • IP-based access controls
  • APIs that can be restricted to the minimum needed functionality

These configuration options help reduce the likelihood that a malicious actor can access your systems. They also limit the sensitive email data that an attacker may have access to if they do manage to compromise an organization’s network.

LuxSci’s Zero Trust Email

As a specialist provider in secure and compliant services, LuxSci’s offerings are well-positioned as zero trust email solutions. Our Secure Email aligns with Zero Trust Architecture for every industry vertical, not just HIPAA. Contact our team to find out how LuxSci can help secure your organization with a zero trust approach.

API Enhancements for DKIM Automation

Wednesday, December 2nd, 2020

DKIM, Domain Keys identified Mail, is a critical component to ensuring good INBOX delivery of email messages for day-to-day email, email marketing, and transactional email.  DKIM digitally signs outbound email so that the message recipients can verify that the messages originated from email servers authorized to send email from the sender.  I.e., it helps recipients identify and discard forged and fraudulent email messages while keeping legitimate ones.

API Enhancements for DKIM

In order to use DKIM with LuxSci, customers need to:

  1. Have LuxSci generate keys for each sending domain
  2. Update the DNS settings for each domain to publish the DKIM public key.

See LuxSci’s Help for our general DKIM setup instructions for more details.  These steps are pretty quick and easy, unless you have a large number of domains that you are sending email from.

To help such customers automate their workflow and manage their domains, LuxSci’s API has been augmented to enable management of DKIM keys for LuxSci customers.  The API now permits:

  1. Creation of new DKIM keys for new domains.
  2. Downloading the DKIM information needed for the DNS configuration.
  3. Deletion of DKIM keys for domains no longer in use.

Together with LuxSci’s other API endpoints, LuxSci customers can automate the addition and deletion of domains, email aliases, users, and now DKIM settings.  LuxSci is committed to continually expanding its API capabilities to enable and support automated workflows and processes.

Save Yourself From “Yourself”: Stop Spam From Your Own Address

Friday, September 22nd, 2017

I just got junk email … from me!

It is surprisingly common for users to receive Spam email messages that appear to come from their own address (i.e. “joe@domain.com” gets a Spam email addressed so it appears to be from “joe@domain.com”).  We discussed this issue tangentially in a previous posting: Bounce Back & BackScatter Spam – “Who Stole My Email Address”?  However, many users wonder how this is even possible, while others are concerned if their Spam filters are not catching these messages.

How can Spammers use your email address to send Spam?

The way that email works at a fundamental level, there is very little validation performed on the apparent identity of the “Sender” of an email.  Just as you could mail a letter at the post office and write any return address on it, a Spammer can compose and send an email address with any “From” email address and name.  This is in fact extremely easy to do, and Spammers use this facility with almost every message that they send.

Read the rest of this post »