How to help stop spoof/fake emails using DMARC
“Please urgently transfer £20,000 across to this bank account” reads the email to Brenda in the accounts department, from Tarquin the owner of the business. Strange that he’s never made such a request in the past, and given he has access himself to do that, it does seem odd. I’ll transfer it anyway though, even though it’s to a brand new account.
STOP, STOP, STOP!
Obviously, there should be alarms ringing all over this, and hopefully, most of you would immediately dismiss the request and recognise that it’s a fake email. Sadly, not everyone does, and money is transferred from businesses to criminals every day. Hard-earned money just given away basically breaks my heart.
As part of your overall strategy towards Cybersecurity, there is a part of the puzzle that you can relatively easily implement to help reduce (I’d say stop, but there is always a new way round solutions) these fake/spoof emails. You can use something called DMARC.
Don’t switch off, stick with me here. DMARC is like a check/lookup for your business email that verifies whether the email has been generated from a legitimate system. If it hasn’t, you can choose to have the email rejected, to have it quarantined (basically sent to your junk email folder), or to take no action and instead get a report of the “fake” stuff.
There is a wonderful statistic out there about the huge difference implementing DMARC will make, but I will keep it much simpler for you. Basically, as per advice from the Global Cyber Alliance, if you do nothing else, you should at least put DMARC in place for your business email domain and also make use of secure DNS from the likes of Quad9. These two things alone will go an awful long way to make you more secure.
Implementing DMARC is relatively easy to do (I will make the time in the future to produce a technical guide for you). You will need to know how to access the control panel for your business domain at the company it is registered with (for example 1&1, GoDaddy, Names Co etc). Once in there, you have to create a TXT record that contains the information for your DMARC record (and you should also put your SPF record in place as well, but that’s a conversation for another day). The syntax you use for your DMARC will differ based on what you want it to do, but the most common option would be for the email to be flagged as ‘quarantine’. If that was the case, your DMARC record may look like this:
v=DMARC1; p=quarantine; sp=quarantine; ri=86400
I know that looks like super duper coding, off the ZX Spectrum days, but all that is saying is, use DMARC and anything which fails the check, flag it as junk.
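As an added example (not part of the original article), this Python code checks a DMARC record's v, p, sp and ri tags before you publish it, and reports which policy applies to the main domain and to subdomains. The function names and the sample records are constructed for illustration.

```python
# Added example. A DMARC policy is published as a TXT record at _dmarc.<your-domain>.
VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(record):
    """Split a DMARC TXT value into a {tag: value} dict (tag names lower-cased)."""
    tags = {}
    for part in filter(None, (p.strip() for p in record.split(";"))):
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag (no '='): {part!r}")
        tags[name.strip().lower()] = value.strip()
    return tags

def lint_dmarc(record):
    """Return a list of problems; an empty list means nothing was flagged."""
    try:
        tags = parse_dmarc(record)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    # RFC 7489: v=DMARC1 must be the first tag and p= is required.
    if record.split(";")[0].replace(" ", "") != "v=DMARC1":
        problems.append("record must start with v=DMARC1")
    if "p" not in tags:
        problems.append("missing required p= tag")
    for tag in ("p", "sp"):
        if tag in tags and tags[tag].lower() not in VALID_POLICIES:
            problems.append(f"{tag}={tags[tag]} is not none, quarantine or reject")
    if tags.get("p", "").lower() == "none":
        problems.append("p=none only monitors: failing mail is still delivered")
    if "ri" in tags and not tags["ri"].isdigit():
        problems.append(f"ri={tags['ri']} must be a number of seconds")
    return problems

def effective_policy(record, subdomain=False):
    """Policy receivers are asked to apply; sp= falls back to p= when absent."""
    tags = parse_dmarc(record)
    policy = tags.get("sp", tags.get("p", "")) if subdomain else tags.get("p", "")
    return policy.lower()

# Constructed sample records, not taken from any real domain.
SAMPLES = [
    "v=DMARC1; p=quarantine; sp=quarantine; ri=86400",
    "v=DMARC1; p=none; sp=quarantine; ri=86400",
    "v=DMARC1; p=quarantin; ri=86400",
]
if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec, "->", lint_dmarc(rec) or "ok")
```

The second sample shows why the p tag matters: sp only covers subdomains, so mail spoofing the main domain is still delivered when p is none.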
This should stop Brenda from giving out free cash, protect your business and it’s all for free. You can write me a cheque. Or send me a transfer 😉
Gavin Moorhouse is the owner of Lucid Computer Solutions Ltd, a Cyber Security-conscious IT business based in Redditch, Worcestershire. They help businesses keep hold of their hard-earned cash, in the surrounding Midlands areas.