Email: Don’t Pass Go!

By Maydeen Bartholomew-Tangaro on January 18, 2019

Businesses are heavily affected by email scams. One scam reaching a critical level is the W-2 scam. It targets an organization's HR department using sophisticated phishing techniques and pretexting via email. Attackers gain access to company information, specifically employees' W-2 forms, and file tax returns in their names; the money is then deposited to the attacker. There are instances where attackers have used the company's EIN to file taxes for the company itself. The scam is so critical that the IRS and its partners in the Security Summit are actively warning the business community to be extra vigilant this 2019 tax season. How do we protect ourselves against these increasing threats?

DMARC

DMARC (Domain-based Message Authentication, Reporting, and Conformance) combines the two existing standards used to detect fraudulent emails: Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM).

SPF allows the owner of an internet domain to specify which mail servers are authorized to send mail for the domain, and publishes those address ranges in DNS. When the receiving email server gets a message, it looks up the sending domain's SPF record in DNS and checks whether the connecting IP address is one of those authorized. Depending on the result, the message ends up in the spam box or the inbox. Below is a graphical representation of this framework:

SPF Flowchart

Figure 1: SPF by itzap.com

DKIM adds a digital signature to the header of an email message. The receiving server validates this signature against the public cryptographic key published in the sending domain's DNS records. As depicted in the image below, if the signature validates the message reaches the inbox, and if it does not, it ends up in the spam box.

DKIM flowchart

Figure 2: DKIM by mailjet.com

Used individually, each standard above is susceptible to evasion. Below is a depiction of how DMARC works. Both SPF and DKIM must be authenticated: if the email authenticates it hits the inbox, but if it does not, the domain owner's published DMARC policy determines whether to allow it into the inbox anyway, quarantine it in the spam box, or reject the email completely.

DMARC Flowchart

Figure 3: DMARC by vailmail.com
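To make the decision in Figure 3 concrete, here is an added example (not code from the original post or any vendor) of the DMARC evaluation a receiving mail server performs after SPF and DKIM have run, following RFC 7489: an aligned SPF or DKIM pass lets the message through, otherwise the published p= action applies. The example.com record and all domain names are constructed, and no DNS is queried.

```python
# Added example (not from the original post): the DMARC evaluation a receiving
# mail server performs after SPF and DKIM have run. No DNS is queried; the
# record and the authentication results are constructed inputs.

def parse_dmarc(txt):
    """Parse a 'v=DMARC1; p=...' TXT record into a tag dictionary."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a valid DMARC record")
    tags.setdefault("adkim", "r")  # relaxed alignment is the default for both
    tags.setdefault("aspf", "r")
    return tags

def org_domain(domain):
    """Simplification: the last two labels stand in for the organizational
    domain; real receivers consult the Public Suffix List (e.g. for co.uk)."""
    return ".".join(domain.lower().rsplit(".", 2)[-2:])

def aligned(auth_domain, from_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') accepts subdomains."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_disposition(record, from_domain, spf, spf_domain, dkim, dkim_domain):
    """from_domain: From-header domain the user sees; spf_domain: MAIL FROM domain
    SPF checked; dkim_domain: DKIM d= tag; spf/dkim: 'pass', 'fail' or 'none'."""
    tags = parse_dmarc(record)
    spf_ok = spf == "pass" and aligned(spf_domain, from_domain, tags["aspf"])
    dkim_ok = dkim == "pass" and aligned(dkim_domain, from_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return "pass"
    return tags["p"]  # none: deliver, quarantine: spam box, reject: bounce

# Constructed TXT record for a hypothetical example.com.
RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example.com"

# W-2 style spoof: From shows HR at example.com, but the envelope sender is a
# domain the attacker controls, whose own SPF record authorizes their server.
# SPF passes on its own, yet it is not aligned with From, so the policy applies.
SPOOFED = dmarc_disposition(RECORD, "example.com", "pass", "bulk-mailer.invalid", "none", "")
# Genuine HR mail relayed via a subdomain and DKIM-signed with the parent domain.
GENUINE = dmarc_disposition(RECORD, "example.com", "pass", "mail.example.com", "pass", "example.com")
```

SPOOFED evaluates to "reject" and GENUINE to "pass", which is the gap DMARC closes over SPF alone: a passing SPF check for the attacker's own domain says nothing about the domain shown in the From header.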

Individuals are usually the highest security risk in an organization; can we trust them? The good news from the Verizon report is that only 4% of users in the study clicked phishing emails; however, we know that it only takes one person's neglect to allow an attacker to wreak havoc on an organization. Using the DMARC standard creates a safer email environment for an organization by decreasing the odds of malicious emails reaching individuals.

RESOURCES:

Common email internet scams; retrieved at moneycrashers.com

Verizon Data Breach Investigations Report 11th Edition

Security Summit warns employers: be alert to identity theft and W-2 scams; retrieved at irs.gov

Anti-spam SPF (Sender Policy Framework) email authentication; retrieved at itzap.com.au/