{"id":476868,"date":"2021-03-18T09:01:12","date_gmt":"2021-03-18T07:01:12","guid":{"rendered":"https:\/\/businesstech.co.za\/news\/?p=476868"},"modified":"2021-03-18T09:01:12","modified_gmt":"2021-03-18T07:01:12","slug":"growing-incidents-of-brand-impersonation-and-exploitation-highlight-need-for-dmarc","status":"publish","type":"post","link":"https:\/\/businesstech.co.za\/news\/industry-news\/476868\/growing-incidents-of-brand-impersonation-and-exploitation-highlight-need-for-dmarc\/","title":{"rendered":"Growing incidents of brand impersonation and exploitation highlight need for DMARC"},"content":{"rendered":"<p><em>By Mikey Molfessis, cybersecurity expert at Mimecast<\/em><\/p>\n<p>Businesses and people around the world have accelerated their adoption of digital technologies since the start of the pandemic.<\/p>\n<p>Digital channels have grown massively, especially in the banking industry.<\/p>\n<p>E-commerce has similarly boomed. FNB data from the first half of 2020 indicated that <a href=\"https:\/\/www.businessinsider.co.za\/half-of-sa-could-be-shopping-online-by-2024-if-data-costs-and-deliveries-improve-2020-11?utm_source=BusinessTech&amp;utm_medium=SponsoredArticle&amp;utm_term=March2021\" target=\"_blank\" rel=\"noopener\"><strong>average e-commerce spend increased by 30% year-on-year<\/strong><\/a>, with further growth expected as online retailers increase capacity and access to a greater share of the population.<\/p>\n<h3 class=\"my-4\">Greater digitisation = greater risk<\/h3>\n<p>While the growth of digital services is a welcome development in a time of heightened health risks, it&#8217;s not without its own risks.<\/p>\n<p>Cybercriminals, aware that more people are working and transacting online than ever before, have unleashed a veritable tidal wave of cyberattacks.<\/p>\n<p>In the first 100 days of the pandemic, Mimecast researchers found massive increases in several attack types in South Africa, including:<\/p>\n<ul>\n<li>Spam (up 46%),<\/li>\n<li>Impersonation attacks (up 75%),<\/li>\n<li>Malware (an eye-watering 385% increase), and<\/li>\n<li>Unsafe clicks by employees (97% increase).<\/li>\n<\/ul>\n<p>During the same period, more than 115,000 COVID-19 related spoof domains &#8211; designed to steal personal information &#8211; were taken down.<\/p>\n<p>Organisations have had to step up their efforts at keeping customers safe from cyber threats.<\/p>\n<h3 class=\"my-4\">Concerns over impersonation, exploitation<\/h3>\n<p>An organisation may suffer lasting brand damage and revenue loss if their customers are successfully targeted by cybercriminals, for example when a sophisticated impersonation attack makes it nearly impossible for the customer to discern the legitimacy of the email communication they receive.<\/p>\n<p>The erosion of trust in the brand means customers may view future legitimate communication as suspicious and not open the email or engage with its contents.<\/p>\n<p>They may even go so far as to create rules in their mailbox to delete all future emails automatically.<\/p>\n<p>This could cause irreparable damage for organisations such as online retailers or government departments that rely on the trust of their customers or citizens to deliver services and function effectively.<\/p>\n<p>In Mimecast&#8217;s State of Email Security 2020 Report, 84% of South African respondents stated they were concerned about a web domain, brand exploitation or site spoofing attack.<\/p>\n<p>Seventy-eight percent were concerned about an attack that directly spoofs their email domain.<\/p>\n<p>Unfortunately, most organisations overlook one vital tool: Domain-based Messaging Authentication Reporting and Conformance, or <a href=\"https:\/\/info.mimecast.com\/dmarc-resources.html?utm_source=BusinessTech&amp;utm_medium=SponsoredArticle&amp;utm_term=March2021\" target=\"_blank\" rel=\"noopener\"><strong>DMARC<\/strong><\/a> for short.<\/p>\n<h3 class=\"my-4\">What is DMARC?<\/h3>\n<p>DMARC is an email validation system that is designed to detect when someone is using your domain without authorisation and can be used to block delivery of all unauthenticated mail.<\/p>\n<p>It builds on existing SPF (Sender Policy Framework) and DKIM (Domain Keys Identified Mail) protocols by adding a critical reporting element and blocking mechanism.<\/p>\n<h3 class=\"my-4\">How does it work?<\/h3>\n<p>To use a real-world analogy, let&#8217;s say there&#8217;s a package that needs to be delivered to a recipient at an office park.<\/p>\n<p>Upon arrival, there are two security guards checking the delivery person&#8217;s credentials independently, but simultaneously.<\/p>\n<p>The first guard checks the license disk against the license plate and ensures that they are aligned.<\/p>\n<p>The second guard checks the driver\u2019s identification and makes sure it aligns.<\/p>\n<p>The guards then check their policies to establish what action must be taken if either of the checks did not align.<\/p>\n<p>Do they allow the delivery van through, or stop it there? These two checks are likened to inbound SPF and DKIM checks at a Secure Email Gateway (SEG)<\/p>\n<p>At the same time, the guards contact the delivery company to let them know that their delivery van came to their premises, and checks were done.<\/p>\n<p>The guards provide results explaining whether the security checks aligned to what was expected or if they failed.<\/p>\n<p>The company is therefore alerted to the possibility that their brand may have been used to fictitiously deliver a parcel. At this point, the delivery company knows if they are under attack.<\/p>\n<p>If the policies that the guards follow allow the delivery through the gates to the recipient, the recipient has another check they can do.<\/p>\n<p>They can call the delivery company and ask what to do with the parcel if the checks were not aligned.<\/p>\n<p>The company can then let the recipient know whether to take no action, to quarantine the package, or to reject it.<\/p>\n<p>The delivery company will now want to know why their package was not delivered and what went wrong.<\/p>\n<p>Was the package compromised while in transit? Did someone clone the delivery vehicle, and if so, where did the cloned vehicle come from if not from the delivery company?<\/p>\n<p>This is where DMARC comes into play. DMARC tells the delivery company what happened to the package or email (SPF was aligned, but DKIM was only partly aligned) by creating a report about the entire process.<\/p>\n<p>DMARC can help organisations identify what went wrong, and guide what corrective measures must be put in place to rectify the issue.<\/p>\n<p>Most importantly, DMARC gives organisations the power to govern their email domains and have visibility over which emails are being sent on their behalf.<\/p>\n<p>This allows security teams to quickly discover and halt any unauthorised emails being sent from their domains, protecting customers from potential exploitation by cybercriminals.<\/p>\n<p>It also gives companies the ability to instruct companies receiving mails from them to reject the mail if security checks are not aligned.<\/p>\n<p>In Mimecast&#8217;s State of Email Security 2020 Report, only 30% of South African respondents were using DMARC.<\/p>\n<p>However, with the growing digitisation of everyday life, all organisations need to meet their moral obligation to keeping customers safe from exploitation by cybercriminals.<\/p>\n<p>DMARC is an underused but highly effective tool in the fight against business email compromise and can help organisations maintain the trust of their customers, partners and suppliers.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Businesses and people around the world have accelerated their adoption of digital technologies since the start of the pandemic. Digital channels have grown massively, especially in the banking industry. <\/p>\n","protected":false},"author":57,"featured_media":239113,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10459],"tags":[11528],"class_list":["post-476868","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-industry-news","tag-mimecast"],"_links":{"self":[{"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/posts\/476868","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/users\/57"}],"replies":[{"embeddable":true,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/comments?post=476868"}],"version-history":[{"count":3,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/posts\/476868\/revisions"}],"predecessor-version":[{"id":476876,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/posts\/476868\/revisions\/476876"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/media\/239113"}],"wp:attachment":[{"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/media?parent=476868"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/categories?post=476868"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/tags?post=476868"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}