According to Acronis, email-based attacks in the first half of 2024 skyrocketed
To fight this surge of email-related security incidents, organizations have implemented email authentication methods such as SPF, DKIM, DMARC, and BIMI.
But are these tools the magic formula that’ll prevent cybercriminals from stealing sensitive information? Will they protect your business against impersonation phishing attacks, spam, and data breaches? Spoiler alert: Nope. We’ll explore a few real-world situations that demonstrate why companies of all sizes need better email authentication and share a few actionable tips for how you can secure your communications.
DMARC, SPF, DKIM, and BIMI email authentication methods help organizations secure their communications by shielding both the sender and the recipient from threats like email phishing and spoofing.
These authenticators act like digital ID cards for emails. They prove to recipients that a message is legit and isn't coming from some shady guy with criminal intentions.
However, these methods alone aren’t foolproof. Cloudflare’s 2023 Phishing Threats report shows that a whopping 89% of unwanted messages successfully passed SPF, DKIM, or DMARC authentication checks. How do these con artists do it? Let’s have a look at three examples.
You’ve probably heard this name before: Kimsuky. This hacker group has been wreaking havoc around the world for more than a decade. They use phishing emails to trick people into giving away their credentials and sensitive personal information.
In 2024, they took it to the next level, targeting organizations that had their DMARC policy set to “none.” This setting tells receiving mail servers to do nothing when a message fails the authentication checks. Monitoring for those failures is a reasonable first step, but it doesn't keep phishing and spoofed emails out of the recipient's inbox.
This abuse of weak DMARC policies was so dangerous that the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA)
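The policy weakness Kimsuky exploited is visible in a domain's DMARC TXT record. As an added example (not code from the article), the following Python parses a DMARC record and reports where it fails to enforce: a `p=none` policy, a weaker subdomain policy, a partial `pct=`, or no reporting address. The two records at the bottom are constructed for illustration and describe no real domain.

```python
"""Parse a DMARC TXT record and point out where it fails to enforce.

Added example (not from the article); the records below are constructed.
"""
from dataclasses import dataclass, field

# Ordering used to compare how strong a policy is
POLICY_STRENGTH = {"none": 0, "quarantine": 1, "reject": 2}


@dataclass
class DmarcRecord:
    policy: str            # p=    : what receivers do with mail that fails DMARC
    subdomain_policy: str  # sp=   : the same for subdomains (defaults to p=)
    pct: int               # pct=  : share of failing mail the policy applies to
    rua: list              # rua=  : aggregate report addresses
    adkim: str             # adkim=: DKIM alignment, r(elaxed) or s(trict)
    aspf: str              # aspf= : SPF alignment, r or s
    tags: dict = field(default_factory=dict)


def parse_dmarc(txt: str) -> DmarcRecord:
    """Parse 'v=DMARC1; p=...; ...' into a DmarcRecord, raising on malformed input."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("record must start with v=DMARC1")
    policy = tags.get("p", "").lower()
    if policy not in POLICY_STRENGTH:
        raise ValueError("record must carry a valid p= tag")
    sub_policy = tags.get("sp", policy).lower()
    if sub_policy not in POLICY_STRENGTH:
        raise ValueError("sp= must be none, quarantine or reject")
    return DmarcRecord(
        policy=policy,
        subdomain_policy=sub_policy,
        pct=int(tags.get("pct", "100")),
        rua=[a.strip() for a in tags.get("rua", "").split(",") if a.strip()],
        adkim=tags.get("adkim", "r").lower(),
        aspf=tags.get("aspf", "r").lower(),
        tags=tags,
    )


def assess(record: DmarcRecord) -> list:
    """Return (code, explanation) findings; an empty list means the policy enforces."""
    findings = []
    if record.policy == "none":
        findings.append(("P_NONE",
                         "p=none only monitors: mail failing SPF/DKIM alignment is still delivered"))
    if POLICY_STRENGTH[record.subdomain_policy] < POLICY_STRENGTH[record.policy]:
        findings.append(("SP_WEAKER",
                         f"sp={record.subdomain_policy} lets subdomains be spoofed under a weaker policy than p={record.policy}"))
    if record.pct < 100:
        findings.append(("PCT_PARTIAL",
                         f"pct={record.pct}: only that share of failing mail gets the policy applied"))
    if not record.rua:
        findings.append(("NO_RUA",
                         "no rua= address: no aggregate reports, so abuse of the domain goes unnoticed"))
    return findings


# Constructed records for illustration (not any real domain's data)
MONITOR_ONLY = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
ENFORCING = "v=DMARC1; p=reject; sp=reject; pct=100; adkim=s; aspf=s; rua=mailto:dmarc@example.com"

if __name__ == "__main__":
    for txt in (MONITOR_ONLY, ENFORCING):
        print(txt)
        for code, why in assess(parse_dmarc(txt)) or [("OK", "policy enforces on all failing mail")]:
            print(f"  {code}: {why}")
```

Running the script lists `P_NONE` for the monitor-only record and `OK` for the enforcing one; the same checks can be run against a live record by feeding it the TXT string fetched from `_dmarc.<domain>`.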
At the end of February 2024, 21,000+ legitimate domains and subdomains belonging to trusted major brands (e.g., PwC, McAfee, MSN, Symantec, and eBay) were exploited by a single cybercriminal to send up to five million phishing emails per day.
The threat actor capitalized on the fact that, as the domains belonged to trusted companies, the phishing emails could bypass spam filters and SPF, DKIM, and DMARC email authentication policies.
One of the perpetrator’s tactics targeted SPF records that used the “include:” mechanism to reference external domains which had since expired and were available for purchase. The include mechanism lets the senders listed in that external domain's own SPF record pass SPF checks on your behalf.
The hacker bought these expired domains and changed their SPF records to authorize their own mail servers. Presto! The attacker’s phishing emails appeared to come from a trusted domain.
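The defensive check for this scenario is an audit of your own SPF include chain: every `include:` or `redirect=` that points at a name with no SPF record is a dangling reference that a future registrant of that name would control. The Python below is an added example (not the article's code); it replaces DNS with a constructed in-memory table of TXT records so it runs offline, and `old-newsletter.example` is deliberately absent from that table to model a lapsed domain. It also counts DNS-querying terms against the limit of ten that SPF evaluators enforce.

```python
"""Walk an SPF record's include:/redirect= chain and flag names that no longer resolve.

Added example (not from the article). DNS is replaced by an in-memory table of
constructed TXT records so the audit runs offline.
"""

# Constructed TXT records standing in for DNS (no real domain's data).
# old-newsletter.example is deliberately missing: it models an include: that
# points at a domain whose registration has lapsed.
FAKE_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailvendor.example include:old-newsletter.example -all",
    "_spf.mailvendor.example": "v=spf1 ip4:198.51.100.0/24 include:_spf2.mailvendor.example ~all",
    "_spf2.mailvendor.example": "v=spf1 ip4:203.0.113.0/24 -all",
}

# Terms that each cost one of the DNS lookups an SPF evaluator allows per check
LOOKUP_TERMS = {"a", "mx", "ptr", "exists", "include", "redirect"}
MAX_LOOKUPS = 10


def lookup_spf(domain, resolver):
    """Return the domain's SPF record from the table, or None if it has none."""
    txt = resolver.get(domain.lower())
    if txt and txt.lower().startswith("v=spf1"):
        return txt
    return None


def audit_spf(domain, resolver, report=None, seen=None):
    """Recursively follow include:/redirect= and collect dangling names and the lookup count."""
    if report is None:
        report = {"chain": [], "dangling": [], "missing_root": [], "loops": [], "lookups": 0}
        seen = set()
    domain = domain.lower()
    if domain in seen:
        report["loops"].append(domain)
        return report
    seen.add(domain)
    record = lookup_spf(domain, resolver)
    if record is None:
        # The first name audited is the root domain; everything else is a reference
        bucket = "missing_root" if len(seen) == 1 else "dangling"
        report[bucket].append(domain)
        return report
    report["chain"].append(domain)
    for term in record.split()[1:]:                 # skip the v=spf1 version tag
        term = term.lstrip("+-~?")                   # drop the qualifier
        sep = "=" if "=" in term.split(":", 1)[0] else ":"   # modifiers use '=', mechanisms ':'
        name, _, arg = term.partition(sep)
        name = name.lower().split("/")[0]            # ignore a CIDR suffix such as mx/24
        if name in LOOKUP_TERMS:
            report["lookups"] += 1
        if name in ("include", "redirect") and arg:
            audit_spf(arg, resolver, report, seen)
    return report


def spf_findings(report):
    """Turn the raw report into (code, explanation) findings a reviewer can act on."""
    findings = []
    for name in report["missing_root"]:
        findings.append(("NO_SPF", f"{name} publishes no SPF record"))
    for name in report["dangling"]:
        findings.append(("DANGLING_INCLUDE",
                         f"{name} has no SPF record; whoever registers it next decides who passes SPF for you"))
    for name in report["loops"]:
        findings.append(("INCLUDE_LOOP", f"{name} is included more than once along the chain"))
    if report["lookups"] > MAX_LOOKUPS:
        findings.append(("TOO_MANY_LOOKUPS",
                         f"{report['lookups']} DNS lookups exceed the limit of {MAX_LOOKUPS}; receivers return permerror"))
    return findings


if __name__ == "__main__":
    result = audit_spf("example.com", FAKE_TXT)
    print("chain:", " -> ".join(result["chain"]), "| lookups:", result["lookups"])
    for code, why in spf_findings(result):
        print(f"  {code}: {why}")
```

Swapping `FAKE_TXT` for a function that queries TXT records turns this into a live audit; the remediation for a `DANGLING_INCLUDE` finding is simply to delete the stale include from your record.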
SMTP is the standard protocol underpinning email, and SPF, DKIM, and DMARC are layered on top of it to prevent email spoofing and tampering. They do so by checking that a message comes from the sender's list of allowed hosts and by validating other message details (e.g., the DKIM signature, DNS records, and the Return-Path address).
Two vulnerabilities in hosted email services (CVE-2024-7208 and CVE-2024-7209) enable attackers to smuggle phishing emails past SPF, DKIM, and DMARC authentication checks and send them impersonating anyone in the affected hosted domains (i.e., email spoofing).
Sounds far-fetched? This issue has recently impacted big-name brands such as Proofpoint, and according to SEC Consult (which put together a website dedicated to the vulnerability), it could put millions of domains at risk.
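What ties the checks above together is DMARC alignment: SPF and DKIM can each "pass" for a domain the attacker controls, and the message still fails DMARC unless the authenticated domain lines up with the visible From: header. The Python below is an added example, not code from the article or from any named vendor; it evaluates alignment for a message from its SPF and DKIM outcomes and maps the result to the disposition a policy demands. `org_domain()` is a simplification that keeps the last two labels; real receivers consult the Public Suffix List. The two messages are constructed.

```python
"""Evaluate DMARC alignment for a message from its SPF and DKIM outcomes.

Added example (not from the article). org_domain() is a simplification that
takes the last two labels; real receivers use the Public Suffix List.
"""
from dataclasses import dataclass


@dataclass
class AuthResults:
    header_from: str   # domain in the visible From: header
    mail_from: str     # envelope sender (MAIL FROM / Return-Path) domain
    spf_pass: bool     # SPF verdict for mail_from and the connecting IP
    dkim_passes: list  # d= domains of DKIM signatures that verified


def org_domain(domain):
    """Organizational domain, simplified to the last two labels (assumption)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(auth_domain, header_from, mode):
    """Strict ('s') needs an exact match; relaxed ('r') accepts the same organizational domain."""
    a, h = auth_domain.lower(), header_from.lower()
    if mode == "s":
        return a == h
    return org_domain(a) == org_domain(h)


def dmarc_pass(r: AuthResults, aspf="r", adkim="r"):
    """DMARC passes if either SPF or DKIM passed AND that identifier aligns with From:."""
    spf_ok = r.spf_pass and aligned(r.mail_from, r.header_from, aspf)
    dkim_ok = any(aligned(d, r.header_from, adkim) for d in r.dkim_passes)
    return spf_ok or dkim_ok


def disposition(passed, policy):
    """What the receiver does, given the DMARC result and the sender's p= policy."""
    if passed:
        return "deliver"
    return {"none": "deliver (report only)",
            "quarantine": "quarantine",
            "reject": "reject"}[policy]


# Constructed messages (no real domains or traffic)
LEGIT = AuthResults(header_from="brand.example", mail_from="bounce.brand.example",
                    spf_pass=True, dkim_passes=["mail.brand.example"])
# SPF and DKIM both pass, but only for the attacker's own domain, so nothing aligns
SPOOF = AuthResults(header_from="brand.example", mail_from="attacker.example",
                    spf_pass=True, dkim_passes=["attacker.example"])

if __name__ == "__main__":
    for label, msg in (("legit", LEGIT), ("spoof", SPOOF)):
        passed = dmarc_pass(msg)
        for policy in ("none", "reject"):
            print(f"{label}: dmarc={'pass' if passed else 'fail'} p={policy} -> {disposition(passed, policy)}")
```

The spoofed message is the pattern behind the Cloudflare statistic earlier in the piece: authentication succeeded, just not for the domain the recipient sees, and under `p=none` it is delivered anyway.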
So, are you still convinced you don't need to improve your email authentication security? I guess you aren't.
Did the email you've just received pass all email authentication checks? That's great. Nevertheless, it doesn't mean the message is safe. Cybercriminals are getting more clever thanks to the support of new technology tools like artificial intelligence (AI) and large language models.
Here are a few aces you can add to your sleeve for defending your email authentication against these threats.
Ensure your emails are correctly authenticated using reliable checker tools such as DMARCLY and MxToolbox. You haven’t set them up yet? There are plenty of wizards and record generators that’ll let you create them in a breeze.
Install strong firewalls and keep your antivirus tools up to date. Consider enabling certificate-based mutual TLS (mTLS) as a passwordless authentication method. This way, the bad guys won’t have any usernames and passwords to steal or phish. (This approach can also help prevent password spraying attacks from succeeding.)
Protect your organization’s inboxes from inside and outside threats with next-generation spam and malware filters. They use real-time threat intelligence, behavioral analytics, and machine learning (ML) to help you spot, block, log, and analyze even the most sophisticated email-based threats in a breeze, including zero-day attacks.
Implement a secure email gateway (SEG) to scan your email traffic, identify potentially dangerous messages, and ensure they’re blocked or end up in your users' spam folders. Basically, an SEG stands as a sentinel between your email infrastructure and the traffic flowing to and from it.
Continuously educate your staff, ideally using real-world email examples and phishing tests. Teach them to recognize the warning signs of phishing and spoofed emails and how to avoid falling for such attacks.
Add a visual identity to your emails and secure them against phishing and spoofing by adding BIMI and mark certificates to your outbound messages. You can generate your BIMI record in a couple of clicks using a free BIMI generator tool.
These real-world examples we’ve just analyzed clearly show the importance of enhanced email authentication and strong security measures. DKIM, SPF, and DMARC are valid and vital tools that help you protect your brand, reputation, data, and customers from the bad guys. But as recent industry data shows us, they’re not always enough to keep attackers at bay.
The truth is that AI has raised the need for a higher security bar. Keeping your organization safe from hard-to-spot phishing emails, evolving cyber threats, and sophisticated attacks will require more than these solutions.
Proactively protecting your network with robust firewalls and advanced email authentication (e.g., certificate-based authentication) can significantly minimize the risk of new email-based attacks built on emerging technology. Give it a try. Safeguard your brand, identity, and reputation now, and help your customers and other email recipients distinguish your legitimate emails from phishing messages more easily.