Almost 15 years ago the Network Working Group officially labeled Simple Mail Transfer Protocol as ‘inherently insecure’. They said that anyone could impersonate a domain and use it to send fraudulent emails pretending to be the domain owner. Today, this is proven in the scale and breadth of the Business Email Compromise (BEC) attacks we see hitting headlines daily, whether successful or not.
Perhaps the most dangerous form as they can fool the majority of Secure Email Gateways. This is where a fraudster sends an email that looks like it came from your domain. This is because the underlying domain is not protected by protocols like DMARC.
With minor manipulation, a criminal can change an email's display name to look like it's coming from a known sender. While easier to spot if the recipient digs into the email header, it’s enough to fool time-pressed individuals into clicking and compromising the organization's security.
Finally, there are attacks that turn to using lookalike domains. This attack vector is massively growing, partly due to the fact that it’s impossible for an organization to defensively buy up and secure all possible permutations of its digital identity.
Email remains the greatest attack vector. It is a growing problem for businesses each day; without adequate defenses in place, they risk irrevocable damage to brand, reputation, and revenue.
Google filters out the malware, OnDMARC protects us from phishing, and OnINBOX is successful in highlighting otherwise impossible-to-spot BEC attacks.
Red Sift Solution Suites have been developed to address the high priority issues cyber-first organizations face today.
Stop exact domain impersonation
Secure your inbound mail
Uncover and take down lookalike domains
