Those crafty emails that flood into user inboxes each week are still the biggest data security threat to accounting firms, CPAs and other businesses.
No matter how sophisticated cyberattacks get, the key delivery tactic used has remained the same since viruses and other malware were first invented.
Hackers go after the human element of a technology infrastructure because tricking an email recipient into opening a malicious file or clicking a link to a fake login form is typically easier and more successful than trying to compromise data another way.
That’s why 94% of all malware is introduced via a phishing email and phishing is the #1 cause of data breaches.
There are many types of cybersecurity solutions you can put in place to help protect users, such as email phishing protection and user security awareness training. But it’s important to address one of the key tactics phishing attackers use so you can block those emails from getting to users.
The tactic most used to fool users into thinking a phishing email is legitimate is called email spoofing. Email spoofing is what email authentication was designed to detect and stop.
What is Email Spoofing?
Email spoofing is when a phishing email uses a legitimate company email in the “From” line of a message. This makes the recipient believe it was truly sent from that company or person.
For example, your employees may receive an email telling them the company’s Microsoft 365 accounts have been compromised and giving them a link to update their password “right away.”
Because the email not only is made to look like a legitimate Microsoft email, but also uses “support@microsoft.com” in the “From” line, many employees may think it’s legit and end up giving away their login credentials to a hacker.
Hackers often send an email from a completely different domain but edit the “From” line to that of a legitimate company. It could be that of your bank, a customer you work with, or your own company’s email address.
Why is it important to combat email spoofing?
- It’s a tactic that users often fall for because they don’t understand that the “From” line can be altered
- It’s on the rise (email spoofing attacks rose by 400% from a year ago)
- If your company’s email is spoofed to customers, it can hurt your reputation
How to Use Email Authentication to Stop Email Spoofing Attacks
Imagine getting an email from an employee, vendor, or customer with a phishing email that looks to be sent from your company’s email domain. But on closer inspection it’s found that it wasn’t sent by your server at all, the attacker just put your email in the “From” line.
You’re pretty much powerless to stop them from continuing to spoof your address, but with email authentication in place, you can keep those spoofed emails from coming into your user inboxes and also get a heads up if your email is being spoofed, so you can alert others.
Here’s how email authentication works.
It’s a 3-protocol framework that puts three security gates in place for authentication. It confirms that an email sent from your company’s email domain is really from your company.
Those three security gates are called:
- SPF (Sender Policy Framework)
- DKIM (DomainKeys Identified Mail)
- DMARC (Domain-Based Message Authentication Reporting and Conformance)
Each of these three “gates” are used together to tell other mail servers that your users are sending messages to whether or not emails they receive from your company domain can be delivered or should be stopped because they could be email spoofing.
They also protect your users from receiving fake emails from phishing scammers that are spoofing your address.
Here is what each of these three protocols does:
SPF
When you set up an SPF record on your mail server, you’re designating which IP addresses (i.e. mail servers) can send email for that @domain.com address.
You can set up your main mail server’s IP address as well as any services you send mail through, like Salesforce or Constant Contact.
If a mail server receives an email from your domain, the SPF record will check to see if it’s from one of those approved IP addresses and flag it if it’s not.
DKIM
DKIM uses two domain authentication keys to verify email authenticity. One resides on your email server and another is sent with each email message.
DKIM does these three main things:
- Verifies that the contents of an email haven’t been altered during transit
- Verifies that the email headers (e.g. “From” line) haven’t been altered
- Verifies the sending IP address is authorized to send mail for that domain
DMARC
DMARC is like the instructor that tells the mail server what to do with the information it has received from SPF and DMARC. Should the mail server deliver an email, quarantine it? DMARC answers this.
The DMARC protocol verifies whether or not SPF and DKIM authentication have passed.
It then tells the receiving mail server what to do. For example, it can tell it to either reject or quarantine messages that don’t pass email authentication.
Another helpful command DMARC can give the receiving mail server is to have it report back whether emails have passed or not passed due to authentication issues. This can alert you if a phishing scammer is spoofing your email domain.
Secure Your Company Emails & Reduce Phishing Risk
Connect2Geek can help your company get email authentication, set up your email server and ensure you have all the necessary protections in place to defend against phishing.
Schedule a free security consultation today! Call 208-468-4323 or reach out online.