Category Archives: Fraud and Phishing

Has your email been Spoofed?

Email spoofing can harm your corporate brand, decrease open rates for your legitimate email, cause legitimate email to be blocked, compromise website security and even create financial complications.  No company is totally immune from malicious email spoofing using their domain, but there are ways to protect yourself.  Spoofing comes in a few different forms:

  • Simple Domain Spoofing – a spammer sends email that looks like it is from your domain, but originates from a server that you do not control or not in your SPF record.
  • Hacked SPF Sender – A spammer hacks a legitimate sender, one listed in your SPF records, and sends email that appears to be from you.  
  • Hacked Internal Account – A hacker compromises an internal email box and sends email via legitimate sources.  
  • Similar Domain Spoofing – A spammer sets up a complete domain that has a similar name to yours.  For example, “example.com” versus “exarnple.com” or “exampIe.com”.

Recently some fraudsters were brazen enough to attempt to spoof email from MxToolbox.com.  This illustrates how our experts (and MxToolbox Delivery Center Product) protect us from fraud and phishing and how we can protect your company too.  

DNS Configuration

Good email delivery and protection from fraud and phishing attempts requires expert management of your DNS.  Four DNS protocols are particularly important:

  • SPF allows you to delegate outbound email to 3rd parties.
  • DKIM allows you to crytographically sign email to take ownership of the email you send.
  • DMARC provides two very useful features:
    • Allows you to designate email addresses to receive feedback on your email delivery.
    • Allows you to set an email delivery policy for how inbox providers handle email that isn’t DMARC compliant with either SPF or DKIM.
  • BIMI allows you to provide an icon that inbox providers may display if your email passes DMARC with a strict DMARC policy

Our spoofer used IP addresses outside of our SPF so failed SPF checks and DMARC compliance.  Additionally, our DMARC policy is set to reject, so inbox providers knew to discard these failed emails immediately.  Our expertly configured DNS helped us reduce the impact of this attack on our email delivery, our customers and the non-customers targeted.

You might think that DNS configuration is all you need to protect your email delivery, but there is more.

Visibility

SPF, DKIM and DMARC Passing Rates

While DNS configuration is the most important first step in email deliverability, you need constant visibility into your email delivery status in order to protect your brand.  MxToolbox Delivery Center provides important insight into your email delivery posture with real-time statistics on SPF, DKIM and DMARC pass and fail rates across all your email senders, legitimate and fraudulent.  

In this case, MxToolbox Experts quickly noticed a spike in email from illegitimate sources.  Delivery Center reported this spike by analyzing DMARC reports approximately 24-48 hours before we began to receive bounceback notices from targeted inbox providers.  With strict ‘Reject’ DMARC policies in effect, our Expert team could rely on most inbox providers dumping these emails without delivery, however, we needed to analyze the potential risk.

Bounce Analysis

MxToolbox Delivery Center integrates a Bounceback analysis tool that allows us to analyze bounceback email messages from dozens of inbox providers to determine the reason an email failed to make it to the intended recipient.

bouncebacktool.JPG

Bounceback messages can help you understand recent attacks and prevent new ones.  For example, a bounceback due to Reverse DNS failure, as above, is an indicator that your spammer was using a server outside of your network and not listed in your SPF as was our recent spammer.  Bounceback messages can also provide insight into other reasons for delivery failure, including blacklisting, malware/spam content and more.

Feedback Loops

The newest visibility feature of MxToolbox Delivery Center incorporates Feedback Loops.  Feedback Loops allow Inbox Providers to return information from inbox owners to the original senders, including much of the original message header.  Analyzing message content and headers returned via feedback loops gives you unique insight into how your email is being perceived by recipients.  Did the recipient report you as spam?  Was the email actually fraudulent?  Was the content yours but appeared spammy?  Feedback loops are very powerful and a necessary part of maintaining high quality email delivery.  

Get ahead with Delivery Center

To maintain the highest levels of email deliverability, businesses like yours need a proven Email Delivery management system like MxToolbox Delivery Center.  Delivery Center provides you with valuable insight into your email delivery posture and the on-going maintenance necessary to maintain peak performance:

  • Who is sending email purporting to be from your domain
  • What is the reputation of your senders’ IPs
  • Geolocation of your senders and What their blacklist reputations are
  • How your SPF, DKIM and DMARC setup is performing
  • What senders are failing DKIM
  • What senders are failing SPF verification
  • When to setup more restrictive policies for DMARC
  • What on-going maintenance you need to maintain and improve your email deliverability

 

A Case of Fraud and Phishing

Companies large and small are potential victims of fraud and phishing using their brands and domains.  If you leave your business unprotected, it is simple for hackers and fraudsters to leverage your domain and brand to email your customers scams.  Companies in banking, financial services and investment advice are at particular risk due to the potential for immediate financial loss.

MxToolbox Experts are here to help you prevent damage to your brand and improve your email deliverability.  Leveraging new email technologies, such as DKIM, DMARC, BIMI and others, our Managed Services team helps businesses worldwide with email deliverability and protect against fraud and phishing.

A recent Investment Advisory case study shows how MxToolbox can help:

  • Leveraging DMARC best practices to aid email deliverability
  • Improving SPF, DKIM and DMARC compliance rates
  • Implementing strict DMARC policies to prevent Fraud and Phishing
  • Dramatically Improving Email Open Rates

Read the Case Study

BIMI Monitoring has arrived

MxToolbox is happy to announce additional support for BIMI in the form of BIMI record monitoring.  Now, you can be confident that all your important email deliverability records are properly configured and constantly monitored by our experts.

What is BIMI?

BIMI is an email delivery standard that works with other standards (SPF, DKIM and DMARC) to publish an image or logo on an end-user’s email box when an email comes from you. BIMI helps your email recipients feel confident that an email is legitimately from you and helps to protect your brand from use in fraud and phishing.

How does BIMI work?

First, you need to have SPF, DKIM and DMARC properly setup.  Next, you publish a BIMI DNS record that defines your preferred logo image.  Then, when you send email to a user on a BIMI-Supported inbox provider, like Yahoo! and, in Summer 2020, Google, the inbox provider you have a chance of displaying your logo.

Inbox providers will check for DMARC compliance on every email.  If the email passes DMARC tests, then this inbox provider will check for a BIMI record.  If a valid BIMI record is found, then the inbox provider will display your logo next to the email.  As these checks happen on each email, you need to be sure that your email is both passing DMARC and that your BIMI record is accessible every time you send email.  With a BIMI logo next to every email you send, your customers will be reassured that each email is a legitimate communication from you and have your brand top of mind.

MxToolbox BIMI Monitoring

MxToolbox is expanding our support for BIMI by announcing the inclusion of BIMI record configuration monitoring as part of MxToolbox Delivery Center.  You can already test your BIMI record with our Supertool, but now we offer integrated alerts when BIMI is non-accessible or misconfigured.

Since BIMI is dependent on SPF, DKIM and DMARC, MxToolbox highly recommends that you adopt tools, like Delivery Center, to help you setup and maintain these technologies while also monitoring your your day-to-day DMARC compliance.  MxToolbox Delivery Center leverages our email expertise to improve your email deliverability and allows you to focus on running your business.  Adding BIMI to a tool like Delivery Center will help improve your email delivery and improve the visibility of your brand.

ARC Protocol – Getting your email delivered

Recently, RFC 8617 established the Authenticated Received Chain (ARC) Protocol, a new and powerful email authentication and security standard that allows legitimate forwarded emails to be delivered without any issues.   ARC has been in testing for several years with Google and another inbox provider to transform the theoretical solution into a full-fledged standard.

What is ARC?

ARC allows mail handlers (email servers) to preserve a “chain of custody” that shows where the respective message originated and all subsequent handling entities via authentication data when forwarding emails. To get more specifics about the ARC protocol, click here.

Before ARC, a forwarded email would no longer pass DKIM alignment because there was no standard for preserving the original and subsequent DKIM signatures.  An unaligned message might then fail DMARC and be rejected by the final inbox provider and never reach your customer’s inbox.

The ARC protocol establishes a standard for preserving DKIM alignment when a message is forwarded.  This helps these messages look less suspicious to the receiving inbox providers by ensuring emails that are forwarded pass authentication and avoid being labeled as spoofed messages. 

Why is ARC important?

ARC becoming a standard applied to all inbox providers is highly important for your email deliverability. With ARC, if your business forwards email and has implemented DKIM, your email chain of custody will no longer break, resulting in higher delivery rates.  While SPF alignment breaks under most message forwarding instances, DKIM breaks when emails pass through forwarding services that modify content involving a DKIM signature. Even if the email fails SPF and DKIM validations, the inbox provider can choose to validate the ARC standard.

It is imperative that your business email implement DKIM as soon as possible to improve email deliverability and leverage the benefits of ARC.

ARC Enables more DMARC Adoption

The creation of the ARC standard shows continued support for the DKIM, SPF and DMARC standards that are the basics for email deliverability.  ARC allows messages that have been forwarded via mailing lists, list servers, and email gateways to pass DKIM authentication and not break during delivery.  DKIM is integral to achieving DMARC compliance, so the ARC standard also allows more senders to pass strict DMARC policies.  Strict DMARC block non-DMARC compliant email to improve your company’s overall email deliverability by reducing the threat of fraud and phishing using your domain.

What do I need to do to take advantage of ARC?

The first steps to leveraging ARC involve the adoption of basic email deliverability standards – SPF, DKIM and DMARC.  If you have not already read it, MxToolbox has a great guide to setting up these protocols.  Once you have SPF, DKIM and DMARC setup, inbox providers that have adopted ARC will automatically process your email appropriately.

MxToolbox Delivery Center provides everything you need to manage the on-going maintenance of email delivery.  Learn more about Delivery Center and how we can help you with email deliverability!

First Verified Mark Certificate Issued

Recently, JPMorgan Chase became the first company to adopt the VMC standard, and companies gained another tool to prevent email fraud. 

What is VMC?

Verified Mark Certificate (VMC) is a method to watermark outbound messages to declare the email comes from an official, legitimate source.  With a certificate like this, senders get better email deliverability because email recipients will see a valid VMC as a certificate of trust emails.

Entrust Datacard, a U.S.-based provider of trusted identity and secure issuance technology solutions, recently issued the first VMC certificate to JP Morgan Chase. Entrust developed the new vendor-neutral VMC solution in collaboration with the AuthIndicators Working Group, a committee of companies responsible for creating the Brand Indicators for Message Identification (BIMI) standard.  While the VMC and BIMI standards still in the early stages of definition and adoption, this announcement indicates a big push to get BIMI into inboxes.

What is BIMI?

The BIMI protocol helps to improve email authentication and brand assurance by allowing a sender to publish a logo icon through DNS.  Inbox providers then use this logo to highlight DMARC compliant emails from the sender, thereby providing a reassurance to users that this email is free from phishing and spoofing attacks.  The logos themselves will also make it easier for customers to recognize their preferred companies in inboxes and increase brand awareness by prominently displaying trusted logos. 

How do VMC and BIMI work together?

The goal of VMC is to prove a BIMI image is authentic, not a scammer utilizing a fake image of a trusted source like the sender, Microsoft, Amazon, or JP Morgan, for example.  Validating that a BIMI-displayed logo is legitimate will make phishing and spoofing practices more difficult to accomplish. While BIMI allows companies to display logos in supported inboxes, VMC authenticates the logos are valid and owned by the actual sender of the email.

The recent exciting news that JPMorgan Chase was granted the first VMC is a promising sign that BIMI should be standardized soon. BIMI, which leverages DMARC, continues the technological trend of making it difficult for online fraudsters and phishing attacks to trick unsuspecting victims.

How MxToolbox Helps

To achieve the BIMI standard, Domain-based Message Authentication, Reporting, and Conformance (DMARC), along with SPF and DKIM, must first be implemented. MxToolbox’s team of email delivery experts and tools can help you implement and understand DMARC to help your business attain email deliverability.

First, MxToolbox provides a free DMARC lookup tool to analyze your DMARC record and make recommendations for getting your email DMARC compliant.

In addition, MxToolbox’s BIMI Lookup tool is a free diagnostic tool that will look for a BIMI record for the supplied domain name and run a series of diagnostic checks against the record to ensure compliance with standards and accessibility of the BIMI icon to inbox providers.  As the VMC standard is defined, MxToolbox will extend our tools to checking and validating VMC certificates.

Finally, MxToolbox is here to guide your company through the DMARC process and help optimize your email deliverability.  We offer several solutions to help you get your email DMARC compliant and monitor the on-going DMARC compliance of your email:

  • Delivery Center is our base package that allows you to monitor the SPF, DKIM and DMARC compliance of your email while giving you insight into emerging email threats.
  • Delivery Center Plus gives you all the great reporting of Delivery Center combined with deeper reporting on Phishing and Fraud using your domain.
  • Delivery Center Managed Services gives you access to our Email Experts who manage your DMARC compliance and free you to focus on your business.

BIMI Lookup Tool

MxToolbox is excited to announce the unveiling of another free tool for your use: the new BIMI Lookup tool. This innovative tool enables you to test your Brand Indicator for Message Identification (BIMI) records, ensuring that your BIMI record is correct and adheres to the current standards.  A missing or incorrectly formatted BIMI record means your customers may not see your domain’s logo in their inboxes. 

What’s BIMI and Why’s It Such a Big Deal?

BIMI is an industry-wide standards effort to display brand logos next to the brand’s email messages in their customer’s inboxes as indicators of trust to help message recipients recognize and avoid fraudulent emails delivered to their inboxes. This new standard, which is currently in beta testing, is important to email senders and their customers alike. Businesses get a prime opportunity to add trust to the emails they send and increase the visibility and ROI of their email programs, while recipients also benefit from senders deploying DMARC and other BIMI authentication standards to reduce the success of phishing attacks.

BIMI builds off of DMARC, with some outlets calling it DMARC 2.0, and will only display if you have deployed DMARC. Several Oath brands (Yahoo!, AOL, etc.) are currently beta testing the BIMI standard with their mailbox users. Gmail will also be rolling out their own beta test of the BIMI protocol in 2020. With Gmail’s current 1.2 billion worldwide users able to see a company’s logo displayed within a year’s time, adopting the BIMI standard will be highly beneficial to your business email practices. As DMARC and BIMI work in tandem to improve message delivery, it becomes imperative your brand utilizes these pioneering email technologies and standards.

How MxToolbox’s BIMI Lookup Tool Works

The new BIMI Lookup tool allows you to check for any errors included in your BIMI record published content, syntax check content, DMARC record format, or image format content. By entering your company’s domain name and clicking the “BIMI Lookup” button, this diagnostic tool will parse the BIMI record for the supplied domain, display its BIMI record, and run a series of diagnostic checks against that specific record. The provided results will help you recognize any current issues in your BIMI record’s setup that may prevent your logo from being displayed in Yahoo!, AOL, and Gmail (early 2020) inboxes.

To learn more about BIMI and how it’ll benefit your business, please click here.

Ultimate Combo

MxToolbox’s free BIMI Lookup tool is a great way to ensure your BIMI record is setup correctly and displays your logo as intended. BIMI provides your business an opportunity to grow your brand and protect your customers. Implementing this standard and monitoring it with our new tool are positive steps in improving your business email delivery. Don’t let your messages be sent to the Junk folder anymore.

How to Create a BIMI Record

Brand Indicators for Message Identification (BIMI) is a standardized way for companies to use their logo as a visible indicator to help email recipients recognize and avoid fraudulent messages. BIMI builds on the DMARC email authentication protocol to develop trust with current and potential customers. For a closer look at the new BIMI standard, please click here.

Creating a BIMI Record

The following steps outline how to create a BIMI record for your domain:

1. Create Image in SVG Format

First, you’ll need to obtain a copy of your logo and convert it to SVG format. For those steps, please click here.

2. Visit DNS Hosting Provider and Select Create Record

Now that you’re ready to create a BIMI record for your domain, visit your DNS hosting provider. After logging in, locate the prompt to create a new record.

3. Add Host Value

In this field, you’ll likely input the value _bimi and the hosting provider will append the domain/subdomain following that provided value. (ex: default._bimi.example.com)

4. Select TXT DNS Record Type

Based on provider, you’ll likely see a dropdown list of DNS record types. Because a BIMI record is a kind of TXT DNS record, be sure to select the “TXT” option.

5. Add “Value” Information

There are two required tag-value pairs that MUST be present on every BIMI record: v and l.

  • The only tag-value pair for v (version) is v=BIMI1
  • Confirm l (location) tag is present and followed by a full URL of your logo using HTTPS (l is lowercase L)

6. Publish BIMI Record

Click “Save Record Set” button to generate your new BIMI record.

7. Test BIMI Record for Errors

The last step you will want to perform is to Run a BIMI Record Check to verify the record you just created has the correct values and syntax. This tool will also render how your logo will appear in email clients.

Note: Creating your BIMI record and publishing it to the DNS per the above steps doesn’t automatically display your logo in all customer inboxes. Currently, several Oath brands (Yahoo!, AOL, etc.) are testing the BIMI standard in beta with their mailbox users, and the inbox providers that participated in developing the protocol and are likely to add BIMI support soon. Gmail will also be rolling out their own beta test of the BIMI standard in 2020. By having your BIMI record and associated logo published in the DNS, your brand will easily be recognized and trusted by current and future customers. For details on all BIMI technical specifications, please click here.

Summation

Creating a BIMI record for your company’s logo to be visible in customers’ inboxes is a simple way to enhance your brand. Not only are current and prospective clients confident that your emails are legitimate, they also gain a level of trust by seeing your approved logo in their inbox. Each time a customer receives a message from your domain using the BIMI standard, at least three potential unique brand impressions are made—message list, email address in message, and within message itself. The quicker your business decides to adopt BIMI (when available via your outbound email provider), the more recognized your brand will be.

MxToolbox is here to Help!

MxToolbox Delivery Center is the most effective email deliverability solution for your business. With MxToolbox you get our decades of experience helping businesses just like yours manage your online reputation and improve your email delivery.

MxToolbox Delivery Center Features:

  • Insight into your SPF, DKIM and DMARC (and BIMI!) configuration to ensure your sending email properly
  • DMARC Compliance checks for all of your reported email
  • Adaptive Blacklist Monitoring of all your email senders
  • Recommendations for improving DMARC compliance and DMARC policies
  • Event-based reminders for emergent issues and on-going maintenance

DMARC is a necessity for your business!  Improve your Email Delivery!

Google Joins BIMI Working Group

If you haven’t heard the exciting news, as announced in late July, Google is joining the AuthIndicators Working Group, agreeing to pilot the Brand Indicators Message Identification (BIMI) standard. Google will beta the concept in Gmail soon, so now is the time to start getting prepared by adopting DMARC and soon BIMI.

What Does this mean to me?

Google’s decision to join the BIMI working group is a strong indicator that the BIMI standard will successfully make it out of draft stage and will likely be adopted as DMARC 2.0. For those new to BIMI, BIMI is a new authentication standard that will allow domain owners to display their company logos inside of email platforms like Gmail, Yahoo! Mail, and potentially Outlook.com/Office 365 inboxes.

The intention of BIMI is to add an additional trust layer to the validity of email senders to help thwart email phishing attacks, as domains who are DMARC and BIMI authenticated will have their logos displayed front and center in those inboxes. Beyond the boost to the fight against email phishing, domain owners should be excited by BIMI, as this will allow them to get their logos directly in email inboxes; a long sought after real estate for marketers.

What Is BIMI?

BIMI is an industry-wide standards effort to use brand logos as indicators to help email recipients recognize and avoid fraudulent messages. Essentially, it allows email inboxes like Google’s Gmail to securely display approved logos beside DMARC authenticated messages, signaling to users that the received emails are legitimate and safe to open.

The BIMI standard also allows domain owners control over which logos email recipients see. For example, an insurance company could use BIMI to display its logo next to authenticated messages sent from its domain or an alternative logo at its choosing. This gives the insurance company complete control over which images are displayed, providing brand exposure, as well as protection against spoofing.

Using BIMI requires DMARC authentication is to be implemented on the respective domain. In fact, the BIMI standard is considered an extension of the DMARC protocol, i.e. DMARC 2.0 to some. At the current time, BIMI is still in draft stage and is being beta tested in Verizon Media (Yahoo! Mail, AOL, etc.) and will be in beta in Gmail in the near future.  However, MxToolbox is here to help you get ahead with our own BIMI Lookup tool.  

For further reading about BIMI please click here

What Is the BIMI Working Group?

The AuthIndicators Working Group is responsible for developing the BIMI standards. Currently, the Working Group’s public members include Agari, Comcast, LinkedIn, Return Path, Valimail, Verizon Media, and now Google. With a shared goal of reducing email fraud, the Working Group committee of companies is aiming to help create a safer inbox experience for all email users. 

The Future of Email Delivery

With the DMARC protocol slowly becoming such a vital aspect of email delivery over the years, BIMI in combination with DMARC will only improve on the DMARC standard. Improving protection in the fight against email phishing and opening up a new and exciting avenue for brand advertising/awareness for domain owners, brands, and marketers may finally be boost needed to spark rapid DMARC adoption. With BIMI still in beta, this is a great opportunity to adopt DMARC if you haven’t yet or have been too afraid to. 

Learn more about BIMI here

Get started with DMARC here

MxToolbox BIMI Lookup

 

What is Business Email Compromise (BEC)?

 

Email fraud targeting companies is a rampant and global problem.  According to the Federal Bureau of Investigation (FBI), cybercriminals stole $12.5 billion worldwide from businesses between October 2013 and May 2018 by compromising their official email accounts and using them to initiate fraudulent wire transfers.1 The Internet Crime Complaint Center (IC3) and the FBI are asking individuals to be aware of scams targeting businesses that work with foreign suppliers.

What Is Business Email Compromise?

The FBI officially defines business email compromise (BEC) as “a sophisticated scam targeting businesses working with foreign suppliers and businesses that regularly perform wire transfer payments.” Formerly known as the man-in-the-email scams, these schemes compromise official business email accounts to conduct unauthorized fund transfers.  And, there has been a significant increase of computer intrusions linked to BEC scams in recent years.

How Do BEC Attacks Work?

The most common cons involve fraudsters impersonating high level executives, sending phishing emails from seemingly legitimate sources, and requesting wire transfers to alternate, fraudulent accounts.  BEC scams often begin with an online fraudster compromising a business executive’s email account or any publicly listed email they can get their hands on. This is usually done using keylogger malware or phishing methods—where attackers create a domain similar to the target company—or spoofing email that tricks the target victim into providing account details. Upon monitoring the compromised email account, the cybercriminal will try to determine who initiates wires and who requests them. The scammers often perform a fair amount of research, looking for a company that has had a change in leadership in the C-suite of the finance function, companies where executives are traveling, or by leading an investor conference call. The perpetrators recognize and use these as opportunities to execute the scheme.

There are five distinct versions of BEC scams:

  • Bogus Invoice Scheme/Supplier Swindle: Cybercriminal compromises employee email ► Compromised account used to send notifications to customers ► Payments transferred to cybercriminal’s account ► Cybercriminal receives money
  • CEO Fraud: Cybercriminal poses as company executive and emails finance employee ► Finance sends funds to cybercriminal’s account ► Cybercriminal receives money
  • Account Compromise: Compromised employee account used to request money ► Recipients transfer payments to cybercriminal’s account ► Cybercriminal receives money
  • Attorney Impersonation: Cybercriminal poses as lawyer and emails finance employee ► Finance sends funds to cybercriminal’s account ► Cybercriminal receives money
  • Data Theft: Cybercriminal compromises employee email ► Compromised account used to request PII of other employees/executives ► PII sent to cybercriminal’s account ► Cybercriminal receives PII, uses it for further compromise attacks

DMARC – Defending Against BEC Scams

To combat BEC scams from affecting your business, DMARC is your friend. Your inbound email servers should be configured to filter email that fails DMARC compliance, especially when it comes to email that purports to being from your own domain.

The DMARC protocol was designed to improve email quality: What should happen to messages that fail authentication and compliance test (SPF and DKIM)?  Should you Quarantine, reject, or approve?  How do you tell the purported sender that their email is failing compliance checks?  With DMARC implemented and correctly configured on your inbound servers, your company will have an advantage in reducing BEC attacks. Even with malware filtering, blacklist filtering and enhanced training/policies, DMARC reduces the threat of BEC attacks to your teams.

But what about your Customers, Suppliers and Partners?

DMARC really shines when it is configured correctly for outbound email as well as used to filter inbound email.  Outbound email leveraging DMARC, DKIM and SPF protocols protects your brand from being used in spam, phishing and malware attacks.  The key is to work with your internal and external email senders to properly configure SPF and DKIM.  Once your legitimate sent email is DMARC compliant, you can instruct recipient organizations to automatically reject non-compliant email.  Inbox Providers love DMARC because they can more easily screen for spam, malware and scam emails.  Senders love it because Inbox Providers are more likely to prioritize DMARC compliant email.

Aside from achieving DMARC compliance, businesses are advised to stay vigilant and educate staff on how to prevent being victimized by BEC scams and other similar attacks. Cybercriminals don’t discriminate on company size.  In fact, it is often easier to scam more small-to-medium companies than a single large organization. Additionally, online fraudsters don’t need to be highly technical as they have access to tools and services that cater to all levels of technical expertise in the cybercriminal underground. Because email is such a vital aspect of business communications, a single compromised account is all it takes to financially damage your company. Here are some tips on how to stay protected and secure:

  • Carefully scrutinize all emails. Be wary of irregular emails that are sent from C-suite executives, as they are used to trick employees into acting with urgency. Review emails that request transfer of funds to determine if the requests are irregular.
  • Educate and train staff. While employees are a company’s biggest asset, they’re also usually its weakest link when it comes to security. Commit to training them according to the company’s best practices. Remind all that adhering to company policies is one thing, but developing good security habits is another.
  • Confirm any changes in vendor payment location by using a secondary sign-off by company personnel.
  • Stay updated on your customers’ habits, including the details and reasons behind payments.
  • Verify requests for transfer of funds when using phone verification as part of two-factor authentication (use known numbers).
  • If you suspect that you have been targeted by a BEC email, immediately report the incident to law enforcement or file a complaint with the IC3.

Conclusion

Unfortunately, cybercriminals are a major threat to your business email. By devising malicious social engineering and computer intrusion schemes to fool employees into wiring money, cybercriminals create a serious risk for business whether large or small. This emerging global risk of business email compromise (BEC) has victimized thousands of companies around the world.

Fortunately, there are technologies, like DMARC, that help secure your company’s email  and fight against BEC and other phishing scams. By implementing DMARC and educating employees, the prevalence of online fraudsters and their BEC cons will be minimized. At MxToolbox, our knowledgeable team has over a dozen years helping companies improve their email delivery and protecting companies from email-based threats.  Our latest product, MxToolbox Delivery Center, leverages DMARC to protect your brand from fraud and phishing and improve your email deliverability.

1Information Security Media Group, Corp. https://www.bankinfosecurity.com/fbi-alert-reported-ceo-fraud-losses-hit-125-billion-a-11206

Delivery Center Events

At MxToolbox we strive to create features that improve your insight and control over email deliverability. Today, we are pleased to announce a new Events warning system in all versions of MxToolbox Delivery Center.  The new Events tab and associated emails provide ongoing updates regarding specific delivery activity.  Emails will alert Delivery Center customers to any current email delivery problems. Think of Events as an early warning system that helps your business avoid serious issues with email deliverability and online reputation.

Events will alert you to the following potential issues:

  • Large Outbound email volume changes (increase or decrease)
  • Email delivery DNS record issues (SPF/DKIM/DMARC)
  • Email authentication problems
  • Potential phishing campaigns posing as your business

Delivery Center provides keen insight into your company’s overall email delivery status and performance.  Any activity that has negative email delivery consequences will be detected by Delivery Center and you will be immediately alerted, allowing you to act quickly before issues become major problems.

Alerts can be configured to alert only within the Delivery Center application, and/or via email . This helps you receive vital intelligence, no matter where you are, which could save you from a business email nightmare down the road.

Currently, there are three alert types:

  • DMARC Record Configuration Problem – A critical alert that means you are missing DMARC delivery information.
  • Verified Volume Changed – Large changes in email volume can indicate a new campaign, issue with a sender or phishing/fraud being committed using your domain name.
  • Adaptive Blacklist Alert – Warning that your sending IP addresses have been  Blacklisted.
events1

Example 1 – one Active Event (Verified Volume Changed) and two Inactive Events (Adaptive Blacklist—Last 7 Days, DMARC Record) are noted, with a “Critical” designation for DMARC. 

events2

Example 2 – Message categories provides a helpful summary of each event’s current standing.

events3

Example 3 – The Date field indicates when the situation was last reported.

events4

Example 4 – There are two option: select either the “Notify in Delivery Center” option or the “Notify by Email” choice.

MxToolbox Delivery Center continuously scans for delivery issues and updates you when your email delivery might be compromised. With Delivery Center, your company stays ahead of bigger issues.

If you are an existing Delivery Center user, be sure to try this new feature!

If you’re not already a Delivery Center subscriber, you can learn more about how Delivery Center will help your business email deliverability.

Stay tuned! More events are coming!