Business Email Compromise

An ever-evolving and rampant form of cybercrime that targets emails as the potential medium to conduct fraud is known as Business Email Compromise.

Targeting commercial, government as well as non-profit organizations, BEC can lead to huge amounts of data loss, security breach, and compromised financial assets.

It is a common misconception that cybercriminals usually lay their focus on MNCs and enterprise-level organizations. SMEs these days are just as much a target to email fraud as the larger industry players.

How Can BEC Affect Organizations?

Examples of BEC include sophisticated social engineering attacks like phishing, CEO fraud, fake invoices, and email spoofing, to name a few. It can also be termed an impersonation attack wherein an attacker aims to defraud a company by posing people in authoritarian positions. Impersonating people like the CFO or CEO, a business partner, or anyone you will blindly place your trust in is what drives these attacks' success.

February of 2021 captured the activities of the Russian cyber gang Cosmic Lynx as they took a sophisticated approach towards BEC. The group had already been linked to conducting over 200 BEC campaigns since July 2019, targeting over 46 countries worldwide, focusing on giant MNCs that have a global presence. With extremely well-written phishing emails, they make it impossible for people to differentiate between real and fake messages.

Remote-working has made video conferencing applications indispensable entities, post-pandemic. Cybercriminals are taking advantage of this situation by sending fraudulent emails that impersonate a notification from the video conferencing platform, Zoom. This is aimed at stealing login credentials to conduct massive company data breaches.

It is clear that the relevance of BEC is rapidly surfacing and increasing in recent times, with threat actors coming up with more sophisticated and innovative ways to get away with fraud. BEC affects more than 70% of organizations worldwide and leads to the loss of billions of dollars every year.

This is why industry experts are coming up with email authentication protocols like DMARC to offer a high level of protection against impersonation.

What is Email Authentication?

Email authentication can be referred to as a bevy of techniques deployed to provide verifiable information about the origin of emails. This is done by authenticating the domain ownership of the mail transfer agent(s) involved in the message transfer.

Simple Mail Transfer Protocol (SMTP), which is the industry standard for email transfer, has no such in-built feature for message authentication. This is why exploiting the lack of security becomes exceedingly easy for cybercriminals to launch email phishing and domain spoofing attacks.

This highlights the need for effective email authentication protocols like DMARC that actually delivers its claims!

Steps to Prevent BEC with DMARC

Step 1: Implementation

The first step to fighting BEC is actually configuring DMARC for your domain. Domain-based Message Authentication, Reporting, and Conformance (DMARC) uses SPF and DKIM authentication standards to validate emails sent from your domain.

It specifies to receiving servers how to respond to emails that fail either/both of these authentication checks, giving the domain owner control over the receiver's response. Hence for Implementing DMARC, you would need to:

  • Identify all valid email sources authorized for your domain
  • Publish SPF record in your DNS to configure SPF for your domain
  • Publish DKIM record in your DNS to configure DKIM for your domain
  • Publish DMARC record in your DNS to configure DMARC for your domain

To avoid complexities, you can use PowerDMARC's free tools ( free SPF record generator, free DKIM record generator, free DMARC record generator) to generate records with the correct syntax instantly and publish in your domain's DNS.

Step 2: Enforcement

Your DMARC policy can be set to:

  • p=none (DMARC at monitoring only; messages failing authentication would still be delivered)
  • p=quarantine (DMARC at enforcement; messages failing authentication would be quarantined)
  • p=reject (DMARC at maximum enforcement; messages failing authentication would not be delivered at all)

We would recommend you to start using DMARC with a policy enabling monitoring only so that you can keep a tab on the email flow and delivery issues. However, such a policy wouldn't provide any protection against BEC.

This is why you would eventually need to shift to DMARC enforcement. PowerDMARC helps you seamlessly shift from monitoring to enforcement in no time with a policy of p=reject, which will help specify to receiving servers that an email sent from a malicious source using your domain would not be delivered to your recipient's inbox at all.

Step 3: Monitoring and Reporting

You have set your DMARC policy at enforcement and have successfully minimized BEC, but is that enough? The answer is no. You still need an extensive and effective reporting mechanism to monitor email flow and respond to any delivery issues. PowerDMARC's multi-tenant SaaS platform helps you:

  • stay in control of your domain
  • visually monitor authentication results for every email, user, and domain registered for you
  • take down abusive IP addresses that try impersonating your brand

DMARC reports are available on the PowerDMARC dashboard in two major formats:

  • DMARC aggregate reports (available in 7 different views)
  • DMARC forensic reports (with encryption for enhanced privacy)

A culmination of DMARC implementation, enforcement, and reporting help you drastically reduce the chances of falling prey to BEC scams and impersonation.

With Anti-Spam Filters, Do I Still Need DMARC?

Yes! DMARC works very differently from your ordinary anti-spam filters and email security gateways. While these solutions usually come integrated with your cloud-based email exchanger services, they can only offer protection against inbound phishing attempts.

Messages sent from your domain still remain under the threat of impersonation. This is where DMARC steps in.

Additional Tips for Enhanced Email Security

Always stay under the 10 DNS Lookup Limit.

Exceeding the SPF 10 lookup limit can completely invalidate your SPF record and cause even legitimate emails to fail authentication.

Business Email Compromise

In such cases, if you have your DMARC set to reject, authentic emails will fail to get delivered. PowerSPF is your automatic and dynamic SPF record flattener that mitigates SPF permerror by helping you stay under the SPF hard limit.

It auto-updates netblocks and scans for changes made by your email service providers to their IP addresses constantly, without any intervention from your side.

Ensure TLS Encryption of Emails in Transit

While DMARC can protect you from social engineering attacks and BEC, you still need to gear up against pervasive monitoring attacks like Man-in-the-middle (MITM).

This can be done by ensuring that a connection secured over TLS is negotiated between SMTP servers every time an email is sent to your domain.

PowerDMARC's hosted MTA-STS makes TLS encryption mandatory in SMTP and comes with a straightforward implementation procedure.

Get Reports on Issues in Email Delivery

You can also enable SMTP TLS reporting to get diagnostic reports on email delivery issues after configuring MTA-STS for your domain. TLS-RPT helps you gain visibility into your email ecosystem and better respond to issues in negotiating a secured connection leading to delivery failures.

TLS reports are available in two views (aggregate reports per result and per sending source) on the PowerDMARC dashboard.

Amplify Your Brand Recall with BIMI

With BIMI (Brand Indicators for Message Identification), you can take your brand recall to a whole new level by helping your recipients visually identify you in their inboxes.

BIMI works by attaching your unique brand logo to every email you send out from your domain. PowerDMARC makes BIMI implementation easy with just 3 simple steps on the user's part.

PowerDMARC is your one-stop destination for an array of email authentication protocols, including DMARC, SPF, DKIM, BIMI, MTA-STS, and TLS-RPT. Sign up today to get your free DMARC Analyzer trial!


Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.