1. Cybersecurity

How to Fight Business Email Compromise (BEC) with Email Authentication?

Disclaimer: This is a user generated content submitted by a member of the WriteUpCafe Community. The views and writings here reflect that of the author and not of WriteUpCafe. If you have any complaints regarding this post kindly report it to us.

A constantly evolving and raging kind of cybercrime geared towards email as a potential method of committing fraud is called business email Compromise.

In the case of government, commercial and non-profit organizations, BEC can lead to massive amounts of data loss, security breaches, and compromised financial assets.

There is a widespread belief that cybercriminals tend to put their sights on MNCs or enterprises. Today, smaller enterprises are just as susceptible to fraud via email as larger companies.


What are the implications of BEC for organizations?


The types that fall under BEC comprise sophisticated attacks such as CEO fraud, fake phishing invoices, email spoofing, to mention some. It could also be described as an impersonation attack, where an attacker seeks to defraud an organization by impersonating people who hold authority posts. Impersonating the CEO or CFO or a business partner or anyone else you'd put your faith in, is the reason behind the success of these attacks.


The month of February 2021 was a perfect time to document the actions in the Russian cyber group Cosmic Lynx, which employed a sophisticated strategy to combat BEC. The group had been associated with conducting more than 200 BEC campaigns since July of 2019 with over 46 nations worldwide, focusing on large multinational corporations with an international presence. With exceptionally well-written phishing emails and a lack of proof to discern between fake and genuine messages.


Remote-working has made video-conferencing applications essential post-pandemic. Cybercriminals profit from this fact by sending fake emails pretending to be a message of the video-conferencing service, Zoom. The aim is to steal login credentials to carry out massive data breaches at companies.


It is evident that the importance of BEC is quickly surfacing and has been increasing in recent years as threat actors come up with new and inventive methods to evade fraud. BEC has a direct impact on greater than 70 per cent of businesses globally and causes losses of millions of dollars each year.


That's why experts in the field are working on protocols for email authentication such as DMARC to provide a high level of security against impersonation.


What exactly is Email authentication?


Email authentication is described as various methods that give verifiable details about the source of email messages. This is accomplished by verifying the domain ownership for the email transfer agent(s) responsible for transmitting the message.

Simple Mail Transfer Protocol (SMTP), which is the standard used in the industry for email transfer, does not have an in-built feature to allow message authentication. This is why it is easy to exploit the vulnerability of SMTP and is a breeze for hackers to launch email Phishing and domain spoofing attack.


This is a sign of the importance of reliable email authentication protocols, such as DMARC, that fulfills its promises!


How to Prevent BEC by using DMARC


Step 1 Step 1: Implementation


The first step towards combating BEC is configuring DMARC to your specific domain. Domain-based Message authentication, reporting, and Conformance (DMARC) utilize SPF and DKIM security standards for authentication to confirm the emails sent by your domain.

It specifies to the receiving server the procedure to reply to emails that fail both or neither of these authentication tests and gives the domain owner the ability to control the receiver's response. To implement DMARC, you will need to:

  • Find all email sources that are valid and valid for your domain
  • Make SPF records available within your DNS to set up SPF on your domain
  • Publishing DKIM records in DNS for your domain to set up DKIM on your behalf
  • Create a DMARC record in DNS to set up DMARC to your specific domain

To make things simpler, To avoid any complexities, utilize EmailAuth's free tools ( the free record maker for SPF records and free DKIM record maker, and free DMARC record-maker) to generate records that have the correct syntax immediately and then publish them to the domain's DNS.


Step 2. Enforcement


Your DMARC policy could be set to:

  • P=none (DMARC for the monitoring level only, messages that fail authentication will still be delivered)
  • P=quarantine (DMARC at the time of enforcement; messages that do not authenticate would be removed from quarantine)
  • P=reject (DMARC at maximum enforceability; messages that fail authentication will not be sent in any way)


We recommend that you begin using DMARC with a policy that allows monitoring for only one email to keep an eye on the delivery and flow of email issues. But such a policy will not provide any security against BEC.


It is why you will eventually have to switch to DMARC enforcement. EmailAuth allows you to seamlessly transition into enforcement from monitoring in just a few minutes by implementing a policy called p=reject. In addition, it can help inform the servers receiving emails that any email received from a source of malicious intent that uses your domain will not be sent to the recipient's inbox or inbox at all.


Step 3. Monitoring and reporting


You've set your DMARC policy to enforce, and you have managed to reduce BEC; however, is this enough? No. Still, you require a robust and efficient reporting mechanism to track email flow and address any issues with delivery. EmailAuth's multi-tenant SaaS platform can help you:


  • You are in charge of your domain
  • You can visually check the authentication results for each user, email and domain registered to you.
  • remove the abusive IP addresses to impersonate your brand


DMARC reports are accessible through the EmailAuth dashboard in two primary formats:



A combination of DMARC implementation, enforcement, and reporting will help you significantly decrease the chance of becoming a victim of BEC frauds and impersonations.


If I have Anti-Spam Filters in place, do I Have DMARC?


Yes! DMARC is different from your typical anti-spam filters and email security gateways. Although these tools are typically in conjunction with cloud-based email exchangers, they only provide security against phishing attempts that come inbound.

Any messages sent through your domain remain at risk of being viewed as impersonations. This is the reason why DMARC comes in.


Additional Tips to Improve Email Security


Never exceed the 10-year DNS Search Limit.


Overstepping the limit of SPF 10-lookup limitation will render invalid your SPF record and even legitimate emails to be rejected for authentication.

If you are using a DMARC configured to reject authentic emails, they will be unable to be sent. EmailAuth SPF is an automatic and constantly changing SPF record flattener, which helps reduce SPF permerrors by helping you remain within the SPF hard limit.

It updates itself automatically and scans for any changes made by email providers' IP addresses continuously without any intervention from your part.


Verify that Emails are encrypted using TLS when in Transit


While DMARC will protect you from social engineering attacks and BEC, you need to prepare yourself for the widespread monitoring attacks such as Man-in-the-middle (MITM).


This can be accomplished by ensuring that a connection that TLS secures is handled between SMTP servers whenever an email gets sent out.


EmailAuth's hosted MTA-STS is TLS encryption mandatory for SMTP and has simple implementation procedures.


Receive reports on issues with the delivery of emails


You can also turn on SMTP TLS reporting to obtain the diagnostic reports regarding email delivery issues following the configuration of MTA-STS on your domain. TLS-RPT lets you gain insight into the email environment and helps you better address problems in negotiating a secure connection, which can cause delivery problems.

TLS reports are accessible in 2 different views (aggregate reports by the result and per sender source) on the EmailAuth dashboard.


Increase the effectiveness of your brand recall with BIMI


Utilizing BIMI (Brand Indicators for Message Identification), it is possible to enhance your brand's recognition to a new level by assisting your customers to be visual identify you within their inboxes.


BIMI operates by attaching your logo and brand's uniqueness to each email you send via your domain. EmailAuth helps make BIMI installation simple with only three simple steps for the user's side.

Have you found this article informative? Then, follow us via Facebook, Instagram and LinkedIn to access more exclusive content we publish.


Original source: https://medium.com/@rawatnimisha/how-to-fight-business-email-compromise-bec-with-email-authentication-9a6cbef95042



Welcome to WriteUpCafe Community

Join our community to engage with fellow bloggers and increase the visibility of your blog.
Join WriteUpCafe