Phishing Attacks Rise Again During the Holidays – Even for DMARC Protected Brands


It is no secret that phishing attacks are growing in scope, and the reason is simple: they still work. For the past several years we have seen a marked increase in the number of email-driven phishing scams timed to coincide with the holidays. Below is one such scam: a fake delivery notification from FedEx (we have seen the same lure used with other well-known couriers such as UPS and DHL). You can view the US-CERT advisory here. In this instance, the notification claims that FedEx was unable to deliver a package because nobody was available to sign for it. Once the recipient clicks on the "invoice", the phishing attack is launched. In this kind of attack the company whose name is on the message is also a victim, because the brand becomes associated with fraudulent activity.

What's interesting about this fake notification is that the message was spoofed from "secure.com" rather than "fedex.com". This is probably because FedEx is an early adopter of DMARC and is most likely already publishing a p=reject policy (more details here: http://newblog.easysol.net/guide-to-leverage-dmarc/), which asks receiving mail servers to reject messages that fail DMARC authentication for that domain. That makes it virtually impossible to spoof the fedex.com domain at receivers that enforce the policy, so phishers turn to other domains instead.

While DMARC is effective here in ensuring that no one can spoof the company's own domain, one problem it does not solve is that cybercriminals can register domain names that merely resemble the target they are impersonating, so-called "sister" or "cousin" domains. Because these messages do not claim to come from the organization's real domain, DMARC has nothing to check them against and will not catch them.
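To make the two points above concrete, here is an added example (not code from the original post or from any vendor mentioned in it) that models, in simplified form, the DMARC identifier-alignment check and then screens the visible From domain against a list of brand names. The policy table, the brand and legitimate-domain lists and the sample messages are all constructed for illustration; a real DMARC evaluator fetches the `_dmarc` TXT record from DNS, honours the `sp=` and `pct=` tags and uses the Public Suffix List to determine organizational domains, none of which is modelled here.

```python
"""Simplified DMARC disposition plus a lookalike-domain screen (added example)."""
from dataclasses import dataclass
from typing import Optional

# Constructed stand-in for the _dmarc.<domain> DNS lookup. The value is the
# disposition the domain owner requests when no aligned SPF or DKIM pass exists.
DMARC_POLICY = {
    "fedex.com": "reject",  # the post says FedEx is most likely at p=reject
    "secure.com": None,     # constructed: assume no DMARC record is published
}

# Constructed reference data for the lookalike screen.
BRANDS = ("fedex", "ups", "dhl")
LEGITIMATE_DOMAINS = {"fedex.com", "ups.com", "dhl.com"}


def org_domain(domain: str) -> str:
    """Organizational domain used for relaxed alignment (mail.fedex.com -> fedex.com).
    Simplification: assumes a single-label public suffix; real code uses the PSL."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


@dataclass
class Message:
    header_from: str              # RFC5322.From domain, the one the user sees
    spf_domain: Optional[str]     # RFC5321.MailFrom domain, only if SPF passed
    dkim_domain: Optional[str]    # d= of a verified DKIM signature, if any


def dmarc_disposition(msg: Message) -> str:
    """Return 'pass' when SPF or DKIM is aligned with the From domain; otherwise the
    From domain's published policy ('reject'/'quarantine') or 'none' if it has none."""
    from_org = org_domain(msg.header_from)
    aligned = any(
        auth is not None and org_domain(auth) == from_org
        for auth in (msg.spf_domain, msg.dkim_domain)
    )
    if aligned:
        return "pass"
    return DMARC_POLICY.get(from_org) or "none"


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch near-miss spellings such as fedx -> fedex."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str, max_distance: int = 1) -> Optional[str]:
    """Return the brand a domain resembles, or None for legitimate or unrelated domains.
    Flags brand tokens embedded in the label (fedex-delivery.com) and near misses
    (fedx.com). Substring matching is deliberately broad; tune BRANDS accordingly."""
    org = org_domain(domain)
    if org in LEGITIMATE_DOMAINS:
        return None
    label = org.split(".")[0]
    for brand in BRANDS:
        if brand in label or levenshtein(label, brand) <= max_distance:
            return brand
    return None


if __name__ == "__main__":
    # Constructed messages mirroring the post: a direct spoof of fedex.com fails
    # alignment and hits p=reject, while mail from an unrelated domain the attacker
    # controls passes DMARC because DMARC only protects the domain actually used.
    for m in (
        Message("fedex.com", "attacker.example", None),
        Message("secure.com", "secure.com", None),
    ):
        print(m.header_from, "->", dmarc_disposition(m))
    for d in ("fedex-delivery.com", "fedx.com", "secure.com", "fedex.com"):
        print(d, "->", lookalike_of(d))
```

Running the block shows the gap the post describes: the direct spoof of fedex.com is rejected, mail from secure.com passes DMARC outright, and the lookalike screen catches fedex-delivery.com and fedx.com but has nothing to say about an unrelated domain like secure.com, which is why brand-impersonation monitoring of message content and landing pages is still needed alongside DMARC.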

[Screenshot: the fake FedEx delivery notification described above, sent from secure.com]

It's important to recognize that DMARC on its own is not a complete solution to email-based fraud and phishing. DMARC compliance is a good first step towards eradicating email fraud, but it is a single layer and should be supplemented with other technologies that identify and remove threats from the web. Otherwise, once a phishing email reaches an inbox, your end users and employees are one click away from having their devices infected and becoming victims of fraud, perpetrated both against them and against your brand.

