Email Security in 2020: Protecting Your Domain and Your Recipients
While phishing emails have always been an issue for digital marketers, the ongoing coronavirus pandemic has created new grounds for phishing strategies that capitalize on fear. This is just another example of how malicious scammers jump on any opportunity to steal personal information. Now more than ever, users must be cautious of what is going in and out of their inboxes.
Common scams that have been encountered so far are emails containing false information on how to protect yourself from COVID-19 or how to receive a vaccine. Typically these emails include viruses in the form of malicious attachments or links.
Here are a few examples of what these emails may look like:
To protect their operations from the virus and the resulting country-wide shutdowns, many businesses, schools and organizations have pivoted online which also equals an increase in email communication.
The uncertainty regarding the spread of coronavirus and the constant breaking news has created an immense panic among the general population which scammers are looking to take advantage of. The attackers understand that in this time of panic, people are looking everywhere for news regarding COVID-19 and are more likely to engage with an email that claims to hold valuable information. Whether the scammers are impersonating government organizations, medical organizations or university health teams, their main goal is to create temporary trust with the reader which they will ultimately break when they steal their personal information.
Not only are phishing attacks dangerous for the recipients, but they also pose a threat to legitimate businesses. It is extremely common for scammers to use recognizable business names as a way to build temporary trust. Those companies whose email domains get spoofed are also victims of the attackers as a phishing attack can ruin a business’s reputation that took years to become established as a trusted source of information. In our current situation, protecting your domain against any kind of spoofing is one of the best ways to protect your business.
How to Protect Your Domain
One way to protect your domain is by employing DMARC authentication. Adding a DMARC record to your domain’s DNS and setting the “reject” policy creates a barrier that stops any emails that are masked to look like they were sent from your organization from arriving in the recipient’s inbox, therefore, keeping your domain is safe.
The DMARC Analytics tool from GlockApps lets you create a DMARC record to protect your domain. After publishing the DMARC record in DNS, you will receive full access to reports about how your sent messages all pass SPF, DKIM, and DMARC authentication. Furthermore, you will be able to monitor the sources that are sending emails on your behalf in real-time. A sudden increase in email messages sent from an unknown source on behalf of your domain is a telltale sign that your business is being spoofed.
The picture below demonstrates an email phishing attack detected by GlockApps DMARC Analytics.
- Changes in your SPF or DMARC record
- Errors in your SPF or DMARC record
- Drops in your sent messages DMARC compliance rate
- DMARC authentication failures for your legitimate sending sources
- Unauthorized spikes in emails sent from your domain
In addition to email, you can integrate the GlockApps Gappie bot to Slack and Telegram to quickly check public DNS records for your domain (SPF, DMARC, rDNS, MX), resolve the IP to the hostname and back, check the IP against public blacklists, and run a quick spam test.
Whether a business hosts their own email system or sends email marketing campaigns using an email service provider, the domain administrator must check the domain’s public DNS records and make sure the correct configuration of the DNS records linked to the correct email infrastructure, be it MX, SPF, DKIM or DMARC.
Protecting your email domain and your recipients from malicious scammers is essential in today’s business world. If you haven’t implemented DMARC yet, right now is the perfect time.
Sign up for a free trial of DMARC Analytics in your GlockApps account today!