
Technical controls to prevent business email compromise attacks


Technical controls to stop the spoof

There are numerous ways to help users recognize and avoid BEC attempts, all of which belong in a company's security awareness training program, but this section looks at the technical controls.

The simplest way to prevent business email compromise attacks is to block illegitimate and spoofed email before a user ever sees it. Spoofed email is highly effective because it appears to come from a trusted source, like the above example where the email looked like it came from CEO Taylor. No set of controls can guarantee that 100% of unwanted mail is blocked, but the right technical controls stop the bulk of spoofed messages before they reach corporate inboxes.

Most large email providers, including Google and Microsoft, offer strong baseline protection against malicious email. To get the full benefit of those protections, however, companies must verify that the controls are actually enabled and configured for their own domains; several of them depend on DNS records the company itself has to publish.

Key protection features include the following:

  • DomainKeys Identified Mail (DKIM). DKIM uses public-key cryptography to detect spoofing and tampering. The sending mail server signs selected headers and the body of each outgoing message with a private key and adds the result in a DKIM-Signature header. The receiving server fetches the matching public key from DNS (a TXT record at selector._domainkey.<domain>, where the selector is named in the signature) and verifies the signature. A valid signature shows that the message was authorized by the signing domain and was not altered in transit. A missing or invalid signature does not by itself cause the message to be blocked; the result is fed into the DMARC evaluation and the receiver's filtering.
  • Sender Policy Framework (SPF). The owner of a domain publishes, in a DNS TXT record, the hosts and IP ranges authorized to send mail on its behalf. For example, the approved host to send email from techtarget.com is mxa-00051b01.gslb.pphosted.com. When a message arrives, the receiving server looks up the SPF record for the domain in the envelope sender (the SMTP MAIL FROM address, also called the return path) and checks whether the connecting IP address is on the authorized list. If it is not, the message can be rejected or quarantined so it never reaches an employee inbox. Note that SPF validates only the envelope sender, not the From: header that users see, so on its own it does not stop a message whose visible From: address is spoofed while the envelope points at a domain the attacker controls.
  • Domain-based Message Authentication, Reporting and Conformance (DMARC). DMARC builds on SPF and DKIM. The domain owner publishes a DNS TXT record at _dmarc.<domain> that states which policy a receiver should apply to messages failing authentication (p=none to monitor only, p=quarantine, or p=reject) and where to send aggregate reports (the rua tag). A message passes DMARC only if SPF or DKIM passes and the authenticated domain aligns with the domain in the visible From: header. That alignment requirement closes the gap left by SPF and DKIM alone: an attacker can pass SPF for a domain they own while placing the target company's domain in the From: header, and DMARC is what causes that message to be rejected.

With SPF or DKIM (ideally both) enforced through a DMARC policy of quarantine or reject, a company greatly reduces the chance of spoofed email reaching employee inboxes, which in turn limits BEC success. These controls authenticate the sending domain only; they do not stop mail from a lookalike domain the attacker registered or from a legitimate account the attacker has compromised, so they complement rather than replace user awareness training.
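The SPF check and the DMARC alignment logic described above, as an added example that is not part of the original article. It is a simplified, offline evaluator: the DNS TXT records are constructed stand-ins held in a dictionary rather than live lookups, only the ip4, ip6, include and all SPF mechanisms are handled, the organizational domain is approximated by the last two labels instead of the Public Suffix List, and DKIM signature verification is represented by its result rather than performed. All domain names and IP addresses are documentation examples chosen for this illustration.

```python
import ipaddress

# Constructed DNS TXT records standing in for live lookups (example data, not real domains).
DNS_TXT = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 include:_spf.mailer.example -all",
    "_spf.mailer.example": "v=spf1 ip4:198.51.100.10 -all",
    "attacker.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "_dmarc.example.com": "v=DMARC1; p=reject; adkim=r; aspf=r; rua=mailto:dmarc@example.com",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, mail_from_domain, lookups=None):
    """Evaluate SPF for the envelope-sender (MAIL FROM) domain against the connecting IP."""
    lookups = [0] if lookups is None else lookups
    record = DNS_TXT.get(mail_from_domain.lower())
    if not record or not record.startswith("v=spf1"):
        return "none"  # no SPF record published for this domain
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qual]
        elif name == "include":
            lookups[0] += 1
            if lookups[0] > 10:  # RFC 7208 caps DNS-querying mechanisms at 10
                return "permerror"
            if check_spf(client_ip, arg, lookups) == "pass":
                return QUALIFIERS[qual]
        elif name == "all":
            return QUALIFIERS[qual]
        else:
            return "permerror"  # a, mx, exists, redirect need live DNS; not modelled here
    return "neutral"


def parse_dmarc(header_from_domain):
    """Return the DMARC tags published at _dmarc.<domain>, or None if there is no policy."""
    record = DNS_TXT.get("_dmarc." + header_from_domain.lower(), "")
    if not record.startswith("v=DMARC1"):
        return None
    return dict(kv.strip().split("=", 1) for kv in record.split(";") if "=" in kv)


def org_domain(domain):
    # Simplification: last two labels. Real receivers use the Public Suffix List.
    return ".".join(domain.lower().rsplit(".", 2)[-2:])


def aligned(auth_domain, header_from, mode):
    """Strict (s) alignment needs an exact match; relaxed (r) needs the same organizational domain."""
    if mode == "s":
        return auth_domain.lower() == header_from.lower()
    return org_domain(auth_domain) == org_domain(header_from)


def evaluate_dmarc(header_from, spf_result, mail_from_domain, dkim_result="none", dkim_domain=None):
    """Combine SPF/DKIM results with alignment against the visible From: domain."""
    tags = parse_dmarc(header_from)
    if tags is None:
        return {"dmarc": "none", "disposition": "none"}  # nothing published: receiver applies no policy
    spf_ok = spf_result == "pass" and aligned(mail_from_domain, header_from, tags.get("aspf", "r"))
    dkim_ok = (dkim_result == "pass" and dkim_domain is not None
               and aligned(dkim_domain, header_from, tags.get("adkim", "r")))
    if spf_ok or dkim_ok:
        return {"dmarc": "pass", "disposition": "none"}
    return {"dmarc": "fail", "disposition": tags.get("p", "none")}


def classify_message(client_ip, mail_from_domain, header_from_domain, dkim_result="none", dkim_domain=None):
    """Run the full inbound check a receiving server would apply and report each stage."""
    spf = check_spf(client_ip, mail_from_domain)
    result = evaluate_dmarc(header_from_domain, spf, mail_from_domain, dkim_result, dkim_domain)
    result["spf"] = spf
    return result


if __name__ == "__main__":
    # Legitimate mail from an authorized IP.
    print("legit      ", classify_message("203.0.113.7", "example.com", "example.com"))
    # Spoof: attacker's own domain in MAIL FROM (so SPF passes), target's domain in From:.
    print("spoof/envl ", classify_message("192.0.2.5", "attacker.example", "example.com"))
    # Spoof: target's domain in MAIL FROM from an unauthorized IP.
    print("spoof/ip   ", classify_message("192.0.2.5", "example.com", "example.com"))
    # Forwarded mail where SPF breaks but an aligned DKIM signature survives.
    print("dkim only  ", classify_message("192.0.2.5", "attacker.example", "example.com", "pass", "mail.example.com"))
```

The second case is the one worth studying: SPF reports "pass" because the attacker publishes a valid SPF record for a domain they own, and only the DMARC alignment check, comparing the envelope domain with the From: domain the employee sees, turns that into a reject.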