Typosquatting and other Business Email Compromise risks revealed
Email is cyber criminals' first and favourite means of attack. Each year they make $26 billion from spoofing and phishing attacks, a large share of the cybercrime industry. This is because 80% of organisations are still vulnerable to these sorts of attacks, and many people fall for innocent-looking messages. Business email compromise (BEC) is an everyday reality, and South Africa now has the third-highest number of cybercrime victims in the world, costing about R2.2-billion annually.
Two industry leaders in cybersecurity announced a partnership in July to tackle email crime and are starting out with an essential education list of terms and tactics to watch out for. Sacha Matulovich, co-founder and Chief Strategy Officer at Sendmarc, explains: “Criminals get away with email crime due to the trusting nature of victims and savvy social engineering that creates the assumption that the emails they are receiving are authentic. This is because of a lack of awareness regarding phishing and spoofing scams. We intend to change that through education and protecting company domains.”
The company outlines four email impersonation attacks:
- Typosquatting: More often than not, when an email is received, users do a short scan to see who it is from. If the sender's name and/or the company domain name are recognised, it is often assumed they are legitimate and taken at face value, but sometimes just one letter is different and can easily be missed. This is a form of phishing.
- Display Name Spoofing: Forging an email is relatively quick and doesn’t require any coding skills. However, fake emails that hijack the names of employees and also mimic the formatting and unique language characteristics of the sender or company require more skill. Unfortunately, there are many websites that advertise how to forge a sender display name, and it takes just a few steps for anyone to create and send a fake email and take on the identity of the real person.
- Whaling: In this type of attack, criminals specifically target people of high interest in an organisation, such as a CEO or CFO, to impersonate. This makes the trick more likely to work, as was seen in the case of the University of Mpumalanga.
- Phishing: A type of social engineering attack in which an attacker poses as a legitimate source of questions or requests in order to steal sensitive information.
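The typosquatting and display-name checks described in the list above can be automated at a mail gateway. The following Python is an added example written for this article, not code from Sendmarc or IronTree; the protected domains, staff directory and sample From headers are constructed, and a real deployment would load them from the organisation's own directory. It flags a sender domain that is one edit (a swapped, dropped, added or substituted character) away from a trusted domain, and a known colleague's display name appearing on an address that colleague does not use.

```python
"""Flag look-alike sender domains and display-name spoofing in From headers.

Added example for this article; the domains, names and headers below are
constructed, not taken from any real organisation.
"""
from email.utils import parseaddr

# Constructed: domains the organisation owns or regularly corresponds with.
PROTECTED_DOMAINS = {"example.com", "example-school.ac.za"}
# Constructed: display names of staff and the address each one really uses.
KNOWN_STAFF = {"Jane Smith": "jane.smith@example.com"}


def damerau_levenshtein(a: str, b: str) -> int:
    """Edit distance counting insertions, deletions, substitutions and
    transpositions of adjacent characters (optimal string alignment)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "exampel" for "example".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify_sender(from_header: str) -> dict:
    """Return a verdict ('ok' or 'suspicious') and the reasons for it."""
    display_name, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    result = {"display_name": display_name, "address": address,
              "verdict": "ok", "reasons": []}

    # Typosquatting: the domain is not one we trust, but is one edit away
    # from a trusted one. Exact matches (and legitimate subdomains, which are
    # many edits away) are left alone.
    if domain not in PROTECTED_DOMAINS:
        for protected in PROTECTED_DOMAINS:
            if damerau_levenshtein(domain, protected) <= 1:
                result["verdict"] = "suspicious"
                result["reasons"].append(f"look-alike of {protected}")

    # Display-name spoofing: a known colleague's name on an address that
    # is not the one they actually use.
    expected = KNOWN_STAFF.get(display_name)
    if expected is not None and expected.lower() != address.lower():
        result["verdict"] = "suspicious"
        result["reasons"].append(
            f"display name {display_name!r} used with {address}")
    return result


if __name__ == "__main__":
    # Constructed sample headers.
    samples = [
        "Jane Smith <jane.smith@example.com>",                # genuine
        "Accounts <accounts@exampel.com>",                    # transposed letters
        "Jane Smith <jane.smith.ceo@freemail.example.net>",  # display-name spoof
        "Supplier <billing@unrelated-vendor.org>",            # unrelated, left alone
    ]
    for header in samples:
        r = classify_sender(header)
        print(f"{r['verdict']:10} {header}  {'; '.join(r['reasons'])}")
```

The distance threshold of 1 is deliberately conservative; on very short domain names even one edit matches many unrelated domains, so a production filter would also weigh the length of the domain and whether the lookalike was registered recently.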
Sendmarc employs DMARC protection, a protocol that verifies the source of an email and ensures that only genuine emails reach an inbox, meaning that organisations are able to verify whether the emails they receive are legitimate and unaltered.
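To make the description of DMARC concrete, here is an added example (not Sendmarc's or IronTree's code) that parses a DMARC DNS record and applies the receiver-side logic: a message passes only if SPF or DKIM succeeded for a domain aligned with the visible From: domain; otherwise the domain owner's published policy (none, quarantine or reject) decides what happens to it. The records and authentication results are constructed, and the organisational-domain test is simplified. One limitation worth knowing: DMARC stops spoofing of the exact protected domain, but a look-alike domain registered by a fraudster is a different domain with its own records, so the typosquatting described earlier still needs separate checks.

```python
"""Parse a DMARC record and work out what a receiving server does with a message.

Added example for this article, not Sendmarc's or IronTree's code. The
records and authentication results below are constructed; a real receiver
fetches the record from DNS at _dmarc.<from-domain> and takes the SPF and
DKIM results from its own checks.
"""

VALID_POLICIES = ("none", "quarantine", "reject")


def parse_dmarc_record(txt: str) -> dict:
    """Split 'v=DMARC1; p=reject; ...' into a tag dict with defaults filled in."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a DMARC record: needs v=DMARC1 and a p= tag")
    if tags["p"] not in VALID_POLICIES:
        raise ValueError(f"unknown policy {tags['p']!r}")
    # Defaults from RFC 7489: relaxed alignment, policy applied to all mail.
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    tags.setdefault("pct", "100")
    return tags


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Identifier alignment: does the domain that passed SPF/DKIM match the
    From: domain? 's' demands an exact match; 'r' (relaxed) accepts a match
    on the organisational domain. The organisational-domain test is
    simplified here to a parent/child relationship; real receivers use the
    Public Suffix List."""
    a = auth_domain.lower().rstrip(".")
    f = from_domain.lower().rstrip(".")
    if not a:
        return False
    if a == f:
        return True
    if mode == "s":
        return False
    return a.endswith("." + f) or f.endswith("." + a)


def dmarc_disposition(record: dict, from_domain: str,
                      spf_pass: bool, spf_domain: str,
                      dkim_pass: bool, dkim_domain: str) -> str:
    """'pass' if SPF or DKIM passed *and* is aligned with the From: domain;
    otherwise the domain owner's requested policy (none/quarantine/reject)."""
    spf_ok = spf_pass and aligned(spf_domain, from_domain, record["aspf"])
    dkim_ok = dkim_pass and aligned(dkim_domain, from_domain, record["adkim"])
    if spf_ok or dkim_ok:
        return "pass"
    return record["p"]


if __name__ == "__main__":
    # Constructed record for example.com: strict DKIM alignment, reject on failure.
    strong = parse_dmarc_record(
        "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; adkim=s")
    # Constructed record that only monitors: spoofed mail is still delivered.
    weak = parse_dmarc_record("v=DMARC1; p=none")

    # Genuine mail: SPF passed for a subdomain, relaxed alignment accepts it.
    print(dmarc_disposition(strong, "example.com", True, "mail.example.com", False, ""))
    # Spoof: SPF passed, but for the sender's own unrelated domain.
    print(dmarc_disposition(strong, "example.com", True, "other.example.net", False, ""))
    # Same spoof against the monitoring-only record.
    print(dmarc_disposition(weak, "example.com", True, "other.example.net", False, ""))
```

A record with p=none only asks receivers for reports; failing messages are still delivered, which is why a domain is not actually protected until its policy has been moved to quarantine or reject.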
Initially, businesses were slow to adopt DMARC protection. Some were not aware of the problem, while others thought they were already adequately covered by their existing cybersecurity measures. Sadly, as businesses continue to be spoofed, companies have realised they need deep expertise and protection. The number of DMARC policies rose by 84% last year.
South African businesses, big and small, have experienced huge losses of up to R100,000,000, and some have come dangerously close. The University of Mpumalanga nearly lost R100,000,000 to fraudsters; had FNB not flagged a suspicious payment, it would have been too late by the time the fraud was noticed. A small travel agency had its domain impersonated, which resulted in a school paying sporting tour funds to the wrong account. Consequently, its U16A hockey team never went on tour.
Partnering with Sendmarc “allows us to offer a comprehensive cybersecurity package with a greater emphasis on keeping organisations safe all the time” says Steve Porter, Managing Director of IronTree. “We are constantly striving to make sure we offer the best cyber security package on the market.”
“It seems only logical to protect against this sort of human error,” says Porter, “adding DMARC protection through Sendmarc will protect your company from these kinds of attacks,” he concludes.