22.12.2020
You use your corporate email (name@company.com) every day to communicate with your colleagues and customers, arrange meetings, and accept calendar invites. What can go wrong? Indeed, your company’s basic protection system defends your mailbox against phishing, spam, and other malicious emails that arrive on an annoyingly regular basis.
But what if the attackers take it one step further and, instead of attacking you, spoof your email address to send phishing emails to your customers and prospects?
Exploiting this weakness in the mail protocol is different from email hacking and account theft. The technique resembles a Matryoshka doll, in which a smaller piece is ‘eaten up’ by its bigger exact copy. Criminals can thus create an exact copy of your corporate email address (name@company.com) and do whatever they want with it.
Does the ‘little piece’ realize it has been ‘eaten up’? Unfortunately, no. The two mailboxes will work in parallel until one of the affected persons calls you saying something like this: “Hello, I got an email from you and opened the attachment, which looked like a contract... I think we both have been hacked.” And this is the fastest possible scenario. Sometimes an attacker can stay unnoticed for a long time and keep sending invoices using his own bank details.
DMARC exposes "matryoshka" clones
DMARC is an email authentication protocol that protects businesses against such Matryoshka-like attacks. The protocol checks the IP addresses and various data packet transmission identifiers of incoming emails against DNS records and, if authentication fails, blocks the attack attempt and provides the notification: “Sorry, this IP address does not belong to domain @company.com. This is most likely a phishing attack.” DMARC protects your company's brand from fraudsters and gives your customers peace of mind.
First, the protocol is configured within the organization: a corresponding DNS record is made on the company's server, which includes a set of rules for using the domain name @company.com in emails. Then, these rules are announced outside, thus making a certain list of authenticated employee IP addresses. Basically, DMARC creates passports or licenses to use a specific email address for a particular employee's IP, and an attacker can no longer impersonate him/her. It's like trying to cross the border illegally without a passport, crawling in the hope of staying unnoticed: a lot of effort but always in vain.
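The check described above, as an added example that is not NGN International's code: a simplified Python model of how a receiving server applies a domain's published DMARC record to one message. The record contents, domains and authentication results are constructed sample values; the tag names (p, adkim, aspf, rua) come from the DMARC specification (RFC 7489), and the SPF and DKIM results are assumed to have been computed already.

```python
# Added example: simplified DMARC evaluation (RFC 7489). All domains and
# authentication results below are constructed sample data.

def parse_dmarc(txt):
    """Parse a DMARC TXT record ('v=DMARC1; p=reject; ...') into a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a valid DMARC record")
    return tags

def aligned(from_domain, auth_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') accepts a parent or
    child domain. Simplification: real receivers compare organizational
    domains derived from the Public Suffix List."""
    a, b = from_domain.lower(), auth_domain.lower()
    if mode == "s":
        return a == b
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def evaluate(record_txt, from_domain, spf_result, spf_domain, dkim_result, dkim_domain):
    """Return 'pass', or the policy the domain owner requested on failure
    ('none', 'quarantine', 'reject'). The pct and sp tags are ignored here."""
    policy = parse_dmarc(record_txt)
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, policy.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain, policy.get("adkim", "r"))
    # DMARC passes if at least one mechanism passes AND aligns with the From domain.
    return "pass" if (spf_ok or dkim_ok) else policy["p"]

# Constructed record, as it would be published at _dmarc.company.com
RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@company.com; adkim=s; aspf=r"

def demo():
    # Genuine mail: SPF passes for a company subdomain, DKIM signed as company.com.
    legit = evaluate(RECORD, "company.com", "pass", "bounce.company.com", "pass", "company.com")
    # Spoofed From: SPF passes only for the sender's own unrelated domain, no DKIM.
    spoof = evaluate(RECORD, "company.com", "pass", "mailer.example.net", "none", "")
    # The same spoofed message when the domain publishes a monitoring-only policy.
    monitor = evaluate("v=DMARC1; p=none", "company.com", "pass", "mailer.example.net", "none", "")
    return legit, spoof, monitor

if __name__ == "__main__":
    print(demo())
```

The third case shows why the published policy matters: with `p=none` the spoofed message fails DMARC but the receiver is only asked to report it, not block it.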
How we configure DMARC
To implement DMARC, you do not need to be a huge company, have a big name, use fancy equipment, or undergo preliminary training. All you need is a willingness to protect your brand against such attacks.
NGN International specialists can set up and properly configure the DMARC protocol for your company. We do not recommend configuring it manually, since online guides may not contain correct or accurate information. In addition, our Security Operations Center (SOC) provides monitoring and threat response and notifies the customer about each stopped phishing attempt from its organization’s email address.
POC (onboarding) takes 10 minutes, after which we can put the necessary records on the server. In 20 hours, monitoring will be up and running, with our SOC recording all possible attacks. Depending on the mail service, the protocol can be configured within 2 to 7 days.