door-open-for-cybercriminals

How you could be helping email scammers without even knowing

Let’s get one thing clear from the start; we’re not accusing you of deliberately abetting criminals, but anyone with a sloppy cyber and email security setup is most likely unwittingly aiding them. Now we’re pretty sure you’ll have seen the below quote somewhere before, but today we’re hijacking it to prompt some thoughts about essential cybersecurity.

“The only thing necessary for the triumph of evil is for good men to do nothing”   

Edmund Burke, Irish statesman, economist, and philosopher

The modern cybercriminal isn’t a mysterious hooded hacker

Consider for one moment the modern cyber-criminal. Not the mysterious hooded hacker that seems to be in every stock photo, you know, this guy:

Scary hooded hacker man

We’re talking about the “adequate pernicious toerags” that Dr Ian Levy of the NCSC warned against. These guys (and girls!) know that the easy money isn’t to be made by hacking their way past the multiple (expensive) defences of high street banks, or by the well-known Nigerian Prince spam emails. For that perfect balance of effort vs reward, we can safely that in 2021, targeted phishing email scams are now the cybercriminal’s weapon of choice.

The success of these campaigns isn’t just in how cleverly the criminals craft their messages, or who they choose to target, but in the vast quantity of unprotected companies which are at their disposal to mimic.

To fall victim to impersonation, a company doesn’t need to be in the FTSE100 or be a social media star, it just needs to be one that the intended target has a trusted relationship with.

2021 cybercriminals exploit existing reputations

This could be a solicitor the target is using to buy a house, their local hairdresser, their favorite clothing brand, or long-time car insurer. Whichever business the scammer chooses to impersonate, they ultimately rely on the established trust already there to fool the recipient into sending them money, personal information, or opening dodgy attachments.

And these cybercriminals aren’t just after your customers’ money and data. They could well impersonate your domain in a Business Email Compromise (BEC) attack, pretending to be the CEO or Head of Accounts for your company, and trick unsuspecting employees into handing over your data, credentials, paying invoices, and more.

So other than making sure you’re not a victim, how can you help?

The first thing to do is make sure your company domain is protected from exact impersonation (email spoofing) is by fully-implementing DMARC at a policy of p=reject. DMARC (Domain-Based Message Authentication, Reporting, and Conformance) is the only way to stop cybercriminals from stealing your email identity and using it to carry out such scams. Without this essential layer of email authentication, your company brand is available to fraudsters – globally – to use to give their fake emails that vital air of authenticity, and make them much harder to spot.

It’s easy enough to check if you do have DMARC , just type your email into our domain checker and we’ll let you know straight away. Then you can either relax, safe in the knowledge no one is taking your name in vain, or you can get the ball rolling at your company with a conversation with your CISO about how DMARC will protect employees and customers from phishing attacks that use your email identity.

check email setup

PUBLISHED BY

Clare Holmes

3 Jan. 2018

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
News

Microsoft announces new email requirements for bulk senders

Red Sift

Microsoft has officially announced new authentication requirements for bulk email senders, aligning with the policies rolled out in 2024 by Google and Yahoo. These changes aim to improve email security and deliverability for Outlook.com users, covering domains like outlook.com, hotmail.com, and live.com. The update marks a significant shift as Microsoft moves to require SPF,…

Read more
DMARC

From concept to market leader: Reflecting on the development of Red Sift…

Rahul Powar

Following Red Sift OnDMARC being featured in 18 reports in G2’s Spring 2025 Report, CEO Rahul Powar shares his thoughts on the innovation behind the product—and what’s driving its continued momentum in the fight against phishing and Business Email Compromise (BEC). When I founded Red Sift, my goal was to make proactive cybersecurity accessible…

Read more
DMARC

Keep your Microsoft Online Email Routing Address secure with Red Sift OnDMARC

Faisal Misle

Every Microsoft 365 tenant includes a default domain in the format tenantname.onmicrosoft.com. This is known as the Microsoft Online Email Routing Address (MOERA). What many don’t realize is that attackers have started using these domains to impersonate organizations in phishing attacks. If left unmonitored, MOERA domains can become a blind spot in your email…

Read more
News

Red Sift OnDMARC ranked #1 in EMEA and Europe for DMARC in…

Francesca Rünger-Field

G2’s Spring 2025 Report is here, and we’ve got some exciting news to share! Red Sift OnDMARC has been named the #1-rated DMARC solution in both EMEA and Europe, and that’s just the start. We also took the #1 spot in the Mid-Market Results Index and Mid-Market Usability Index, and were featured in 18…

Read more