Blog / Canada Targeted by 66% of Global Phishing Attacks… Oh Canada!!
For the 5th quarter in a row, Canada was ravaged by fraud-based phishing attacks, making it by far the most frequently targeted country: it absorbed 66% of all such attacks on the planet. The next most commonly targeted territory, the US, accounted for only 7% of the assaults.
Cyber Fraud is something that every outfit should be mindful of. Exactly how you protect yourself against it really depends on the nature of your business and how you interact with your clients. As I scan through the news every week, I find articles about how companies or government bodies lost thousands, hundreds of thousands, or even millions of dollars, because someone tricked them in some way.
Preventing your organization from being cyber scammed means having good processes in place for when you contact your customers and when they contact you. Customer identity and financial details should be treated as sacrosanct. Being flexible and easy to deal with is one thing, but not if it puts you at risk.
There is another side of fraud that you may not have considered. It is one thing to protect yourself from being scammed, but what about protecting other people? That is not your organization’s responsibility? Okay, but what about protecting others from being scammed by people who claim to be from your outfit? That changes things a bit.
When it comes to the telephone, one way to try and prevent someone from pretending to be from your organization is to make sure that your phone numbers can be found very easily (prominently displayed on your website, etc.) Also, having a custom name for Call Display could be useful. To customize your Call Display name, you will need to contact your telephone provider to see what you need to do (TELUS requires a business account, etc.)
Email is another big concern, or at least it should be. How can you possibly prevent someone from sending emails while pretending to be one of your employees? The good news is that there are tools out there to help prevent this from happening. You want some more good news? Okay, I can add some more: the tools are free. Now for a little bit of not-so-good news: you need to deal with the setup and configuration of these on your own; there are no plug-and-play or automatic options.
Getting email up and running is simple. It is so easy that even people who have no understanding of how it works can do it: install Microsoft Exchange, contact a domain registrar like GoDaddy, and off you go. I consider this to be something like driving without a driver’s license, but I will admit that view comes from several decades of HelpDesk work and of talking to email administrators about the problems they have with various spam-filtering checks.
So, now that I’ve hopefully piqued your curiosity, I’ll explain exactly what I’m talking about. In addition to your basic settings, there are some extra ones you can configure, which have been designed specifically to prevent people from spoofing your email domain:
1) SPF record (Sender Policy Framework)
The SPF record is public information: it is a TXT record published in your domain’s DNS (wherever your zone is hosted, which is often your domain registrar), alongside the MX (Mail Exchange) records that tell the world where mail for your domain is delivered. Its purpose is to list which hosts and IP addresses are authorized to send email on behalf of your domain. A receiving mail server looks the record up and compares it against the IP address that actually connected to deliver the message.
The syntax is easy to learn, but it is unforgiving. A record with an error in it is either useless at blocking spoofing (for example, one that ends in “+all”, which authorizes everyone), or, worse, it gets your own legitimate email rejected by any site that uses SPF checks as part of its spam filtering (for example, “-all” with one of your real outbound servers missing from the list).
The idea was first floated in 2000, but it was not published as a standards-track RFC (RFC 7208) until 2014.
2) DKIM (Domain Keys Identified Mail)
DKIM has two halves: a private signing key that you configure on your mail server, and the matching public key that you publish as a TXT record in your DNS under a selector name (selector._domainkey.yourdomain). Your server adds a digital signature header to every outbound email. A receiving server fetches the public key named in that header and verifies the signature, which proves that the message was sent by a server holding your private key and that the signed headers and body were not altered in transit. A message whose signature fails verification is not automatically treated as spam: the receiving server handles it according to its own rules and, if you publish one, your DMARC policy.
DKIM was first standardized as RFC 4871 in 2007; the current version of the specification, RFC 6376, was published in 2011.
3) DMARC (Domain-based Message Authentication, Reporting and Conformance)
Just like SPF, DMARC is a TXT record in your domain’s DNS, published under the name _dmarc.yourdomain. It tells receiving servers that your domain authenticates its mail with SPF and/or DKIM, and that the domain in the From: header must line up (“align”) with the domain those checks authenticated. It also lets you tell a receiving server what to do with a message that fails: p=none to only monitor, p=quarantine to send it to the spam folder, or p=reject to refuse it outright. Finally, it lets you specify an email address (rua=mailto:...) to which receiving servers send aggregate reports of passes and failures. Those reports show you whether your own mail sources are correctly authenticated and whether someone is actively attempting to spoof your domain.
The DMARC specification was first published by the dmarc.org group in 2012 and later documented as RFC 7489 in 2015.
All of these checks have been around for a long time, but they have not been as widely adopted as they should be. The main weakness of any spam-filtering check is that no mail server is required to use it: just because you have set up SPF, DKIM and/or DMARC does not mean the remote mail server will bother checking them. So doing this is no guarantee that nobody will be able to spoof your emails. Nonetheless, doing nothing accomplishes exactly that: nothing. Doing this is quite literally “an ounce of prevention”, and since these tools cost your organization exactly $0, it is a pretty cheap pound of cure as well.
If you have any questions about setting up SPF, DKIM or DMARC for your email domain, please reach out to your TRINUS Account Manager for some stress-free IT.
By Kind Courtesy of Your Friendly Neighbourhood Cyber-Man.