Email Compromise Protection

Frequently asked questions

Background

In the following compilation, we have gathered common statements that we often hear from our customers along with brief information on how we can quickly and effectively respond to these claims.

 

Can you distinguish a legitimate email from a counterfeit?

Test yourself here!

 


Claim 1:

– Phishing is an issue for the IT department and not a marketing issue

Phishing can very well affect and damage the company’s brand in various aspects. An example of one of the ultimate consequences may be that incorrect bank transfers are made. A scenario that can not only cost the company a lot of money, but also affect its reputation.

Furthermore, digital marketing today usually consists of e-mailing. Avoiding non-legitimate e-mails is thus essential to maintain the customer’s trust in the brand. Counterfeit mail from the company’s domains can have several devastating consequences for the company’s brand.

 

Claim 2:

– We have no problems with phishing

Mimecast’s annual report State of Email Security Report” states that 94% of the respondents in the survey have been exposed to phishing in the last 12 months. At the same time, over half (55%) of the respondents say that they have seen an increase during the same period. In other words, it is no longer a matter of being exposed to phishing, but when.

In addition to phishing related to unauthorized payments internally in the organization, it has also become increasingly common for “hijackers” to use the company’s domains to send mail externally, for example to customers and suppliers. Over the past 12 months, 67% of the asked organizations say that they have seen an increase in these types of attacks, and 73% of the attacks were successful.

 

Claim 3:

– I have published an SPF record, so I am secure

– I sign all my emails with DKIM, so I’m protected

– I use both SPF and DKIM, so I have nothing to worry about

Unfortunately, it is a myth that you are 100% protected by signing SPF, DKIM or both.

Above all, there are two major challenges:
1) Both SPF and DKIM are not implemented broadly enough by all users and
2) there is a lack of standard policy for all email providers in the world on how to deal with authentication errors.

SPF works by publishing a record in DNS that approves the IP addresses that are allowed to send e-mails on behalf of a domain, but does not survive the forwarding of e-mails and can thus be easily bypassed.

DKIM tries to solve the shortcomings SPF has by cryptographically signing an e-mail message. This means that DKIM survives forwarding and is thus more difficult to forge. However, due to the complexity of implementing DKIM, the technology has not been implemented to the extent that it was initially intended to.

DMARC is a system based on SPF and DKIM. This provides another tool for senders to better prevent and monitor abuse of their domains. This policy validates that the sender’s identity is authentic and then chooses whether the email client should accept or reject the message.

SPF and DKIM are thus not a universal solution to phishing. There is a lack of standard use and implementation at suppliers and there is a high risk of legitimate e-mail being blocked.

DMARC solves most of these above-mentioned problems by not only using SPF and DKIM but also reporting authentication errors and giving the domain owner control over how authentication errors should be handled. SPF, DKIM and DMARC together provide an adequate protection not only against phishing, but also increases the likelihood of legitimate mail being delivered. In short, best practice is to implement all these three parts to fulfill good protection.

 

Claim 4:

– I use SPF, DKIM and DMARC, so I am fully protected and all my emails should reach the inbox now

We just described that you need these three parts to get full protection. However, this is not the whole truth, it also requires continuous work on analyzing email flow with the help of DMARC reports. The implementation of SPF, DKIM and DMARC gives you no intelligent analysis of the e-mail flow. Nor can it determine who is a legitimate sender or not. This is a critical step that is necessary for the service to function. That is why Ports Group has developed the ECP (Email Compromise Protection) service, where we take care of everything from preliminary research to implementation and the ongoing change management.

 

Conclusion

Do your part to discourage phishing by educating yourself, authenticating, working collaboratively with your marketing and IT department, and finally educating others. You do not buy home insurance in the belief that the house will collapse, but to protect yourself in case something should happen. It is no different for your brand or your email. This is not a matter of if, but when, fraudsters will infringe on your brand. There are solutions to stop this. If you do not protect your brand, are you ready to take on the consequences?

 

 

Email Compromise Protection

Related services

Related cases

"After a period of having seen the extreme rise in the occurrence of false emails, we turned to Ports Group, our partner for protecting our online brand identity since many years. Ports presented their service Email Compromise Protection for us, which seemed promising. After a bit of tweaking and thorough analysis work with Ports, the problem is now basically eliminated and we feel safer in regards to the users’ email management."

Jacob Malmros

IT Manager at Oatly

Want to know more about Email Compromise Protection?

  • This field is for validation purposes and should be left unchanged.

When you contact Ports Group your personal data will be processed in accordance with our Privacy Policy.