The recent spurt in the number of ransomware has been directly linked to phishing technologies that mask credible account information. Cybercriminals are exploiting the lockdown due to COVID-19 pandemic to steal personal information with the intent of committing financial frauds and tarnish corporate image of an organization. Most companies, despite knowing the risks of such phishing attacks, have been found themselves at the wrong side of the fence, largely due to limited or zero understanding of how phishing works, and which anti-phishing technologies are actually available to protect their interests.
According to Twilio SendGrid, “the biggest development in anti-phishing solutions is the standardization of DMARC and its enforcement capabilities.”
Fact Check: Cost of Phishing
- According to DMARC.org, the number of valid DMARC policies observed in the DNS increased by roughly 300% over the course of 2019, based on analysis of data from Farsight Security.
- At the end of 2018, there were roughly 630,000 valid DMARC policies published, and at the end of 2019, this figure was 1.89 million.
- Based on research from the Verizon Data Breach Investigation Report, the number one vector in data breaches remains phishing!
- A mid-size company can lose up to $1.6 million in a single phishing attack
- According to reports, Phishing attacks are growing in numbers on new file sharing and collaboration platforms.
- Users on Slack, Skype, Microsoft Teams, Facebook Messengers, Google Docs, SharePoint, ShareIt, WhatsApp Messenger, and video collaboration platforms, and many others are under consistent danger of getting spoofed or phished out of their personal information.
Did you know that FBI puts phishing damages inflicted to the economy at whopping $26 billion, between 2013 and 2019, for the Business Email Compromise/Email Account Compromise (BEC/EAC)? During the COVID-19, these damages are yet to be evaluated but the numbers are expected to grow.
According to a US-CERT report, a majority of phishing victims are unaware of their threats landing through emails and mobile messages, or are unaware of their organizational policies and procedures when contacting people from outside their IT purview, especially spoofing accounts masked as customers or service providers.
We know that in most phishing attacks, there is a social component involved that cybercriminals cleverly engineer to seep into the vulnerable spots in browsing and emailing habits of their targets/ victims.
To solve these unique challenges targeting the government institutions and private organizations, leading Email API platform Twilio SendGrid is partnering with email sender verification platform Valimail. The combined force will provide turnkey solutions that better protect customers’ sending domains.
Twilio SendGrid’s customers can do much more with their traditional corporate email security measures now. Together with Valimail’s solution, customers can more easily take advantage of industry best practices and deploy email authentication with greater insight into the health of their sending domains.
Here are the unique benefits Twilio SendGrid customers can leverage to shell themselves in the omnipresent cat and mouse game with phishing groups.
DMARC Overview
Nearly 1 percent of the global emails come from phishing accounts. A single phishing email can take your business down. It’s important for every business owner to understand the security benchmarks. DMARC is one of them.
DMARC Enforcement
DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication policy to report any email incident related to phishing. Anti-phishing DMARC solutions like SPF and DKIM have been in the industry for years now. But, we need to grow beyond these bare minimum protocols. That’s why Valimail DMARC, together with Twilio SendGrid, can be considered as a potential game-changer in the fight against cybercrime.
Reporting and Analytics
Email delivery will become a lot tighter and secured as we see Twilio SendGrid putting together a DMARC Pass/Fail Matrix to help visualize alignment.
Messages 1 and 2 both have SPF and DKIM, but message 2 fails alignment because the “from” domain (domain.com) is different than the SPF and DKIM domains (other.com).
Twilio SendGrid customers will be able to monitor and analyze DMARC reports, utilizing Valimail’s DMARC Monitor and DMARC Enforce solutions, to further protect their mailing domains from impersonation and comply with industry best practices by reaching DMARC enforcement.
Valimail’s free DMARC Monitor solution offers an easy to use interface and enables your organization to make intelligent decisions based on your DMARC data. Unique among DMARC solutions, Valimail DMARC Monitor displays sending services using your domain to send email by name, not by IP address, it can identify which ESP any given cloud service may be using, and it can accurately identify any of more than 5,500 different sending services. In addition, the tool will identify where SPF and/or DKIM failures are occurring, and if any “suspicious” senders are abusing your domain. Using this tool, you’ll gain visibility into all platforms sending mail from your domain.
At the time of this announcement, Valimail CEO Alexander García-Tobar said,
“Cybercriminals never let a crisis go to waste. Phishing has surged to exploit the uncertainty and fear at a time people are working from home, far away from IT support and with an even higher reliance on email. Impersonation is the attack vector used by 90% of spear phishing attacks — email sent as your co-workers, your boss, or a trusted organization — and domain spoofing poses unique challenges for both detection and prevention.”
Alexander added, “Valimail’s services specifically address and solve this problem, protecting your employees, brand, and clients globally. The need and timing couldn’t be more appropriate and we’re very pleased to be working with Twilio SendGrid to bring our DMARC solutions to their customers.”
Not letting Down the Guard During the Pandemic; or Ever
Bad actors have huddled together to breach EVERY SINGLE security protocol that their targets might trust against looming cyber attacks. COVID-19 pandemic has only provided bad actors with stealth cover to operate, even as their targets are incentivized to pick the bait, hoping it’s going to bring business to them.
It’s time to balance the art of “winning heart” with defending one’s business using anti-phishing fences. Valimail DMARC and Twilio SendGrid is about that.
One example that we’ve seen is bad actors attempting to scam small business owners by impersonating affiliates involved in the first-come, first-serve, Paycheck Protection Program of $349 billion to aid small business during the COVID-19 pandemic.
Are you still creating DNS records?
Valimail’s Enforce solution has the industry’s highest rate of getting customers to DMARC enforcement, and even provides a guarantee that customers will reach DMARC enforcement. The state-of-the-art solution allows you to completely automate your DKIM and SPF configurations for over 5,500 services. That’s right: the days of manually creating DNS records can be a thing of the past.
Authorize your Enterprise Apps using Valimail Enforce
Every department now has its own technology stack, largely comprising of a Cloud suite, and peripheral add-ons like chat bots, mobile apps, and collaboration tools. Overall, they all add to the total number of apps used by the company. At an enterprise-level, a company could be using anywhere between 50 to 200 apps, depending on the size of the company and its IT modernization.
Amid lockdown-enforced work from home scenarios, app usage has only increased. And with these, the risks of phishing too!
If phishing attacks through any of these apps, it could take weeks, if not months to accurately pin-point the actual parties that let the phishing attacks occur.
With Valimail Enforce, you can authorize approved services with just one click! The state-of-the-art solution allows you to automate your DKIM and SPF configurations for over 5,500 services.
Len Shneyder – VP of Industry Relations @ SendGrid featured today at the MarTech Interview Series.
Whether you’re using Twilio SendGrid to send marketing messages, transactional messages, or both, DMARC can help improve your deliverability and stop bad actors.
