Security News

DMARC Adoption Spikes, Higher Ed Remains Behind
2020-07-14 14:46

Adoption of the email security protocol DMARC has continued to tick upwards, with the number of domains deploying DMARC records surpassing 1 million in the last two years - a 2.5 times greater total than in 2018. According to Tessian, out of the 60 percent of universities that do have DMARC in place, the DMARC policies have not been set up to quarantine or outright reject any emails from unauthorized senders using their domains.

BofA Phish Gets Around DMARC, Other Email Protections
2020-06-18 13:00

A credential-phishing attempt that relies on impersonating Bank of America has emerged in the U.S. this month, with emails that get around secure gateway protections and heavy-hitting protections like DMARC. The campaign involves emails that ask recipients to update their email addresses, warning users that their accounts could be recycled if this isn't done. "This ensured that the email wasn't caught in the bulk email filters provided by native Microsoft email security or the Secure Email Gateway."

Tax Phishing Campaign Reminds of DMARC Limitations
2020-04-21 18:01

April is a time for tax-related phishing scams, and we haven't been let down this year despite the dominance of COVID-19-themed phishing campaigns. Security firm Abnormal Security discovered a phishing email giving a single day for the recipient to respond and claim an outstanding tax rebate from HMRC for '550.11 GBP'. The email contains an obfuscated link to a webpage masquerading as a Gov.uk page.

Nearly 1 Million Domains Use DMARC, but Only 13% Prevent Email Spoofing
2020-03-05 19:10

Nearly one million domains use DMARC, but only 13% of them are configured to actually prevent email spoofing, according to a report published this week by anti-phishing solutions provider Valimail. DMARC is an email authentication, policy, and reporting protocol designed to detect and prevent email spoofing.

Email domains without DMARC enforcement spoofed nearly 4X as often
2020-03-05 05:00

As of January 2020, nearly 1 million domains have published DMARC records - an increase of 70% compared to last year, and more than 180% growth in the last two years. Just 13% of all DMARC records are configured with enforcement policies, demonstrating that interest in DMARC is increasing but DMARC expertise is not keeping pace.

Number of spoof attempts on domains drops to "near zero" within months of DMARC enforcement
2020-03-04 18:17

In a new study on DMARC usage and success, email cybersecurity company Valimail found that spoof attempts drop to nearly zero "within a few months after that domain moves to DMARC enforcement." There has been a steady increase in organizations using Domain-based Message Authentication, Reporting, and Conformance as a security measure against domain spoofing, but enforcement continues to be the main struggle for most enterprises. Nearly 80 percent of US federal government domains have DMARC records and of those 93%. These high numbers are due mostly to a Department of Homeland Security directive in 2017 mandating DMARC at enforcement for most executive branch domains by January 2018.

How some presidential campaigns use DMARC to protect their domains from being spoofed
2020-02-20 15:49

DMARC can prevent spammers from using a trusted domain name to send junk mail, a useful tactic for the presidential campaigns and for your organization, according to security provider Valimail.

Threat From Spoofed Emails Grows, While DMARC Implementation Lags
2020-02-13 14:33

Agari's Cyber Intelligence Division, which concentrates on email threat investigations, has found that 60% of employee-reported suspect emails are false positives. Wire transfer scams also increased from 19% to 22%, while payroll diversion scams fell from around 25% to 16%. There is another shift within the fraudulent emails.

How some presidential campaigns use DMARC to protect their domains from being spoofed
2020-02-10 18:46

DMARC can prevent spammers from using a trusted domain name to send junk mail, a useful tactic for the presidential campaigns and for your organization, according to security provider Valimail. Owners of legitimate domains can protect their names from being spoofed in junk mail through Domain-based Message Authentication, Reporting & Conformance, a type of authentication that verifies email messages by checking the sender's domain.

Presidential Candidates' Use of DMARC Improves, but Remains Short of Optimum
2020-02-10 17:18

More specifically, of the 15 current candidates, eight now protect their domains from email spoofing with enforced DMARC. In May 2019, when there were still 23 candidates, only three were protected by DMARC. DMARC works with two other email standards to give domain owners control over which senders are allowed to send messages 'as' them. Today, three domains have no DMARC, while four more have unenforced DMARC. Although running DMARC in 'unenforced' mode is often an indication that DMARC is in the process of implementation, for as long as it is unenforced, there is no protection.