door-open-for-cybercriminals

How you could be helping email scammers without even knowing

Let’s get one thing clear from the start; we’re not accusing you of deliberately abetting criminals, but anyone with a sloppy cyber and email security setup is most likely unwittingly aiding them. Now we’re pretty sure you’ll have seen the below quote somewhere before, but today we’re hijacking it to prompt some thoughts about essential cybersecurity.

“The only thing necessary for the triumph of evil is for good men to do nothing”   

Edmund Burke, Irish statesman, economist, and philosopher

The modern cybercriminal isn’t a mysterious hooded hacker

Consider for one moment the modern cyber-criminal. Not the mysterious hooded hacker that seems to be in every stock photo, you know, this guy:

Scary hooded hacker man

We’re talking about the “adequate pernicious toerags” that Dr Ian Levy of the NCSC warned against. These guys (and girls!) know that the easy money isn’t to be made by hacking their way past the multiple (expensive) defences of high street banks, or by the well-known Nigerian Prince spam emails. For that perfect balance of effort vs reward, we can safely that in 2021, targeted phishing email scams are now the cybercriminal’s weapon of choice.

The success of these campaigns isn’t just in how cleverly the criminals craft their messages, or who they choose to target, but in the vast quantity of unprotected companies which are at their disposal to mimic.

To fall victim to impersonation, a company doesn’t need to be in the FTSE100 or be a social media star, it just needs to be one that the intended target has a trusted relationship with.

2021 cybercriminals exploit existing reputations

This could be a solicitor the target is using to buy a house, their local hairdresser, their favorite clothing brand, or long-time car insurer. Whichever business the scammer chooses to impersonate, they ultimately rely on the established trust already there to fool the recipient into sending them money, personal information, or opening dodgy attachments.

And these cybercriminals aren’t just after your customers’ money and data. They could well impersonate your domain in a Business Email Compromise (BEC) attack, pretending to be the CEO or Head of Accounts for your company, and trick unsuspecting employees into handing over your data, credentials, paying invoices, and more.

So other than making sure you’re not a victim, how can you help?

The first thing to do is make sure your company domain is protected from exact impersonation (email spoofing) is by fully-implementing DMARC at a policy of p=reject. DMARC (Domain-Based Message Authentication, Reporting, and Conformance) is the only way to stop cybercriminals from stealing your email identity and using it to carry out such scams. Without this essential layer of email authentication, your company brand is available to fraudsters – globally – to use to give their fake emails that vital air of authenticity, and make them much harder to spot.

It’s easy enough to check if you do have DMARC , just type your email into our domain checker and we’ll let you know straight away. Then you can either relax, safe in the knowledge no one is taking your name in vain, or you can get the ball rolling at your company with a conversation with your CISO about how DMARC will protect employees and customers from phishing attacks that use your email identity.

check email setup

PUBLISHED BY

Clare Holmes

3 Jan. 2018

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
News

Introducing DNS Guardian: Stop impersonation and spam caused by domain takeovers 

Rahul Powar

tl;dr: We’re thrilled to announce DNS Guardian — a new feature in Red Sift OnDMARC that can swiftly identify and stop domain takeovers that lead to malicious mail. Back in February, we shared updates with the community about SubdoMailing – an attack discovered by Guardio Labs. The attack was a form of subdomain takeover,…

Read more
News

Meet Red Sift Radar: The Skilled Up LLM That Finds and Fixes…

Rahul Powar

After months of beta testing and feedback, we are excited to announce that Red Sift Radar, our skilled up LLM offering seamless integration with Red Sift OnDMARC, is now commercially available.  With Red Sift Radar, security teams can detect exposures, prevent configuration drift, and classify assets or suspicious activity without adding additional headcount. By…

Read more
News

G2 Fall 2024 Report: Red Sift OnDMARC Wins Big

Francesca Rünger-Field

We’re delighted to share that Red Sift OnDMARC’s winning streak continues. This Fall, we’ve once again been named a Leader in G2’s DMARC category, achieving recognition in both the overall Leader category and Europe for the first time. This recognition is based on our high Customer Satisfaction scores and strong market presence. Red Sift…

Read more
Cybersecurity

Resilience Rising | Episode 3 with Kevin White

Red Sift

In this episode of Resilience Rising, Sean Costigan, Managing Director of Resilience Strategy at Red Sift, and Kevin White, Senior Operation Consultant with Enhanced Information Solutions, explore the critical intersection of wastewater management and cybersecurity.  The two highlight the health and operational impacts of cyber threats on water utilities, emphasizing the vulnerabilities due to…

Read more
Certificates

Your guide to PCI DSS 4.0 Cryptographic Requirements

Rebecca Warren

The Payment Card Industry Data Security Standard (PCI DSS) is a globally recognized framework designed to protect cardholder data during processing, storage, and transmission by merchants and service providers. PCI DSS outlines a set of stringent security controls that organizations handling payment card information must implement to mitigate the risk of data breaches and…

Read more