Unprotected domains are a powerful weapon in the cyber-criminals’ arsenal
Let’s get one thing clear from the start; I’m not accusing you of deliberately abetting criminals, but anyone with sloppy cyber security could certainly be said to be unwittingly aiding them. Someone far more eloquent than me once said:
“The only thing necessary for the triumph of evil is for good men to do nothing” — Edmund Burke
Now I’m pretty sure that you will have seen this quote somewhere before, probably on a social media site where it was posted by some deep-thinker in a cursive font with a suitably “inspiring” background of mountains or lakes.
To be honest it’s usually used to kick off a discussion about war-mongering dictators or world hunger but for one brief blog post I’d like to hijack it to prompt some thoughts about cyber-security.
Consider for one moment the modern cyber-criminal. Not the mysterious hooded hacker that seems to be in every stock photo, you know, this guy…
I mean the “adequate pernicious toerags” that Dr Ian Levy of the NCSC warned against. These guys (and girls!) know that the easy money isn’t to be made by hacking their way past the multiple (expensive) defences of a high street bank, or by the well-known Nigerian Prince spam email scams. For that perfect balance of effort vs reward, the more sophisticated, targeted phishing email scams are swiftly becoming their de facto weapon of choice. And in 2018 we’re definitely going to see a lot more of them.
In fact the success of these campaigns isn’t just in how cleverly the criminals craft their messages, or who they choose to target, but in the vast quantity of unprotected companies which are at their disposal to mimic. The firm doesn’t have to be FTSE100, doesn’t have to be a social media star, just one that the intended target has a trusted relationship with. This could be a solicitor they’re using to buy a house, their local hairdresser, favourite clothing brand or car insurer. Whoever the scammer chooses, they rely on the established trust to fool the recipient into sending them money or personal information, or opening dodgy attachments.
So other than making sure you’re not a victim, how can you help?
Well the first thing to do is make sure your company domain is protected with DMARC. DMARC is the only way to stop cyber-criminals from stealing your email identity and using it to carry out such scams. Without this essential layer of email authentication your company is available to fraudsters, globally, to give their fake email that vital air of authenticity.
It’s easy enough to check if you do have DMARC — just type your email into our domain checker and we’ll let you know straight away. Then you can either relax, safe in the knowledge no one is taking your name in vain, or you can get the ball rolling at your company with a conversation with your CISO about how DMARC will protect employees and customers from phishing attacks that use your email identity.
Obviously the team at OnDMARC is more than happy to help you spread the word about DMARC so you can start your journey towards full protection — just drop us an email or tweet, or start your free trial today!