The most common objectives of phishing attacks are to gain access or information of a target by sending them an email with the intent to perform some kind of action.
The attacker uses OSINT (Open Source Intelligence Gathering) to target email addresses by data-mining social media sites such as Facebook and LinkedIn. Once they have completed the target acquisition, the attacker will decide on the type of attack which will most likely be either credential harvesting or a malicious attachment.
Then the attacker designs and sends the phishing emails. They can use a standard mail client or custom scripts—finally, the waiting. Having sent out bulk phishing lines, the attacker would wait to see if there are any bites. If they achieve hook, line and sinker, they have captured credentials or remote access shells of their target.
So, how do we prevent these online bandits from attacking your email?
There are five main methods and frameworks to use to prevent yourself from becoming a victim of email phishing attacks.
1. Sender Policy Framework (SPF)
SPF is an email authentication method designed to detect fake email addresses before the email arrives in your inbox. SPF is the reason why spam emails automatically go to your spam folder.
How it works is, spammers exploit the Simple Mail Transfer Protocol, which allows any computer to send email from any source address. They use forged email addresses, making it difficult to trace an email back to its source and thus hide their identity.
The same nefarious methods are used in phishing techniques. Targets can be duped into disclosing sensitive information in response to an email disguising as sent by a legitimate organisation, such as a bank.
SPF allows the owner of an Internet domain (your business) to specify which computers are authorised to send mail with envelope-from addresses in that domain, using Domain Name System (DNS) records.
Therefore, if a domain publishes an SPF record, phishers are less likely to forge emails from that domain, because they are more likely to be caught in spam filters. However, only in combination with DMARC can SPF be used to detect the forging of the visible sender in emails, which leads us to number 2.
2. Domain-based Message Authentication, Reporting and Conformance (DMARC)
I know this is all pretty technical, so we are going to attempt to explain in Layman’s terms. At its most simple, DMARC is an email authentication protocol which gives email domain owners (you) the ability to protect your domain from email scams, phishing, and other sneaky cyber bandit crimes.
You will need your IT guy to set up and publish a DMARC DNS entry. n Depending on the instructions published within the DNS entry, you can authenticate incoming email. If an email passes authentication, it can be trusted and delivered. If the email fails, depending on the instructions you have given within the DMARC record, the email may still be delivered, archived or rejected.
3. DomainKeys Identified Mail (DKIM)
Another email authentication method used to detect sender addresses in emails which are forged is DomainKeys Identified Mail (DKIM). DKIM allows the receiver of an email (whether it be yourself or a client) claimed to have come from a specific domain (business/website) to check whether it was indeed sent by the owner of that domain.
Google’s Gmail is excellent with utilising DKIM and provide instructions on how to set DKIM up on your own Gmail account. However, if you do not wish to set up DKIM, Google’s default DKIM is still very effective at increasing email security and helping prevent email spoofing.
4. Brand Indicators for Message Identification (BIMI)
BIMI is the new kid on the block for email verification. Similar to SPF, DMARC and DKIM, BIMI is a text record that’s set up on your servers. It works right alongside SPF, DMARC, and DKIM to signal to email clients that your brand is you.
However, BIMI differs in that it also incorporates branding, allowing you to display your company logo in inboxes, giving you the stamp of approval while also putting your brand out there in for your clients, subscribers and prospects.
When setting up BIMI it is vital to note that you need to have SPF, DMARC and DKIM already set up and enabled for it to work. Again, your tech nerd should know this. However, make sure you provide them with a SVG file for your logo.
We highly recommend setting up BIMI as it serves several functions including email authentication, branding and creating a sense of trust with your email marketing campaigns.
5. Forward-confirmed reverse DNS (FCrDNS)
FCrDNS, (AKA full-circle reverse DNS, double-reverse DNS, or iprev) is a networking parameter configuration in which a given IP address has both forward (name-to-address) and reverse (address-to-name) Domain Name System (DNS) entries that match each other. This is the configuration expected of the Internet standards supporting many DNS-reliant protocols.
A FCrDNS verification creates a form of authentication that is strong enough that it can be used for whitelisting purposes because phishers and spammers cannot by-pass the verification when using zombie computers. FCrDNS proves there is a valid relationship between the owner of a domain name and the owner of an IP address. As cybercriminals have to keep their IP address’s secret to avoid detection, FCrDNS deters the bandwidth bandits.
Okay, I know this has been a highly tech-nerdy read; however, it’s crucial to implement the five steps. Not only will these protect yourself and business from email phishing attacks, but will also create trust. The more confidence you gain in your customers, the more successful you will be at delivering email marketing campaigns and securing business.
The key here aiming for BIMI, which makes it easy for subscribers to identify you and trust your content in their inbox. When subscribers see your logo, they can immediately know that it’s from you and not a creepy phisher. It is not only about seeing your logo and brand awareness but the magic that happens from the trust that generates.
Another reason why your endgame should be BIMI is that, as we discussed earlier, BIMI requires SPF, DMARC, and DKIM to be set up prior for it to work. As such, it forces you to follow authentication best practices. And having all these authentication methods combined will ensure for better email deliverability and brand reputation.
If only our clients and their customers had implemented these practices from the get-go. And in case you’re wondering, thanks to us, they are all good now. Their brand and reputation have since recovered.
If you would like to learn more on how to protect your brand from email phishing attacks and create a reputation of trust, drop us a line anytime.