Email Impersonation Protection
Phish Protection Technology Protects Against Email Impersonation
The email impersonation challenge
Whether they’re called impersonation attacks, business email compromise, CEO fraud or whaling attacks, email impersonation attacks are typically designed to trick recipients into making fraudulent financial transactions by making a message appear to come from someone other than its real sender.
What makes these attacks so challenging is that many don’t use malicious URLs or malware attachments. Asking employees to defend against them is asking a lot. Realistically, email impersonation attacks can only be stopped with email anti-impersonation solutions.
Email impersonation attacks are prevalent and on the rise
According to KnowBe4, one in six users receives an email-based impersonation attack. According to ESRA, there has been an 80% increase in impersonation attacks over the last quarter (Q2, 2018). Email impersonation has become the preferred method for phishing attacks.
You may think you’re immune if you use a hosted solution like Office 365, but you’d be wrong. Using a hosted solution makes you more of a target, not less. Of the impersonation attacks that were detected, 61% were against Office 365 users.
The two sources of email impersonation
Email impersonation can be accomplished two ways: domain name spoofing and display name spoofing. With domain name spoofing, attackers send an email from a domain that looks like the real domain but has some nearly imperceptible difference. This attack is effective because most email recipients don’t look very closely at the “from” email address.
With display name spoofing, attackers send an email from any domain, usually a free one, but replace the “display name” with the name of an associate or authorized signer on an account. This attack is effective because most email clients, especially mobile ones, only show the display name and not the from address. Rarely can employees be counted on to check the from email address.
There is technology to stop email impersonation
There is a solution that can prevent email impersonation attacks. It’s called DMARC (Domain-based Message Authentication, Reporting & Conformance) and unfortunately most companies have not deployed it. A research report from Farsight Security indicates that less than one percent of all domains are authenticated and protected by DMARC.
A report from Agari also provides compelling evidence of the successes of DMARC adoption in protecting customers and brands, driving phishing rates near zero. However, “with DMARC enforcement at only 27% of those firms who have adopted DMARC, it also shows how few enterprises have put these proven controls in place.”
The right solution: DMARC + SPF + DKIM
DMARC, as part of a layered defense that includes Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM), is effective against email impersonation.
SPF specifies a list of authorized sending IP addresses for a given domain.
DKIM adds a cryptographic signature to outgoing messages. This lets the receiving server verify that the messages weren’t altered in transit between the sending and receiving servers.
DMARC is built on top of DKIM and SPF. It lets domain owners publish a policy that tells receiving mail servers how to handle messages when SPF and DKIM fail or aren’t present.
If your company is not using DMARC with SPF + DKIM, you’re not taking full advantage of available technology to protect your organization from email impersonation.
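The following added example (not from the original page or from any vendor's product) sketches how a receiving server combines SPF and DKIM results with a published DMARC policy, and why a monitor-only policy (p=none) leaves a failing message untouched. The function names, sample records and domains are constructed for illustration, and relaxed alignment is approximated by a parent/subdomain match rather than the organizational-domain lookup real receivers perform.

```python
# Added example: simplified DMARC evaluation at a receiving mail server.
# Assumption: relaxed alignment is approximated by a parent/subdomain match;
# real receivers compare organizational domains via the Public Suffix List.
# The pct, sp and reporting tags are ignored here.

VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict, or None if it is not usable."""
    tags = {}
    for part in (txt or "").split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p", "").lower() not in VALID_POLICIES:
        return None
    return tags

def aligned(auth_domain, from_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') also accepts parent/subdomain."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    if a == f:
        return True
    return mode != "s" and (a.endswith("." + f) or f.endswith("." + a))

def evaluate(from_domain, record, spf=None, dkim=None):
    """spf and dkim are (result, authenticated_domain) tuples, or None if absent.
    Returns (dmarc_result, requested_action)."""
    tags = parse_dmarc(record)
    if tags is None:
        return ("no-policy", "none")   # nothing published: receiver has no instruction
    def ok(check, mode):
        return bool(check) and check[0] == "pass" and aligned(check[1], from_domain, mode)
    # DMARC passes if either mechanism passes AND aligns with the From domain.
    if ok(spf, tags.get("aspf", "r")) or ok(dkim, tags.get("adkim", "r")):
        return ("pass", "none")
    return ("fail", tags["p"].lower())

# Constructed sample records and check results (not taken from any real domain).
ENFORCED = "v=DMARC1; p=reject; adkim=s; rua=mailto:dmarc@example.com"
MONITOR_ONLY = "v=DMARC1; p=none"
SPOOF_SPF = ("pass", "bulk-sender.test")   # SPF passed, but for an unrelated envelope domain

if __name__ == "__main__":
    print(evaluate("example.com", ENFORCED, spf=SPOOF_SPF))
    print(evaluate("example.com", MONITOR_ONLY, spf=SPOOF_SPF))
    print(evaluate("example.com", ENFORCED, dkim=("pass", "example.com")))
```
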
Enterprise-class email protection without the enterprise price
For one low monthly price and no per-user fees, Phish Protection’s integrated email security solution protects your employees from email impersonation with SPF + DKIM + DMARC. 24x7. On any device.
With Phish Protection, you get features you’d expect in more expensive solutions:
All Plans Come With
- Stops email impersonation attacks
- Stops threatening emails before they reach the inbox
- Continuous link checking
- Real-time website scanning
- Real-time alerts to users and administrators
- Checks 6 URL reputation databases
- Protection with settings you control
- Protection against zero day vulnerabilities
- Complete situational awareness from a single web-based console