The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: DMARC

How to Fight Business Email Compromise (BEC) with Email Authentication?

How to Fight Business Email Compromise (BEC) with Email Authentication?

February 22, 2021The Hacker News
An ever-evolving and rampant form of cybercrime that targets emails as the potential medium to conduct fraud is known as Business Email Compromise. Targeting commercial, government as well as non-profit organizations, BEC can lead to huge amounts of data loss, security breach, and compromised financial assets. It is a common misconception that cybercriminals usually lay their focus on MNCs and enterprise-level organizations. SMEs these days are just as much a target to email fraud as the larger industry players. How Can BEC Affect Organizations?  Examples of BEC include sophisticated social engineering attacks like phishing, CEO fraud, fake invoices, and email spoofing, to name a few. It can also be termed an impersonation attack wherein an attacker aims to defraud a company by posing people in authoritarian positions. Impersonating people like the CFO or CEO, a business partner, or anyone you will blindly place your trust in is what drives these attacks' success. February of
How DMARC Can Stop Criminals Sending Fake Emails on Behalf of Your Domain

How DMARC Can Stop Criminals Sending Fake Emails on Behalf of Your Domain

December 07, 2020The Hacker News
21st-century technology has allowed Cybercriminals to use sophisticated and undetectable methods for malicious activities. In 2020 alone, a survey revealed that  65% of US-based companies were vulnerable to email phishing and impersonation attacks . This calls for upgrading your organization's security with DMARC, which if not implemented, will enable cyber-attackers to: Instigate money transfers from vulnerable employees via spoofed emails while impersonating senior executives in your company Send fake invoices to your employees and partners Deal in illegal goods via your domain  Spread Ransomware Impersonate customer support to steal confidential customer or partner information Such situations can have long-lasting consequences on your business. From inflicting a blow on thebrand's reputation and credibility among its partners and customer base to loss of valuable company information and millions of dollars, the risks are countless. What is Domain Spoofing? Domain
MailSploit — Email Spoofing Flaw Affects Over 30 Popular Email Clients

MailSploit — Email Spoofing Flaw Affects Over 30 Popular Email Clients

December 05, 2017Mohit Kumar
If you receive an email that looks like it's from one of your friends, just beware! It's possible that the email has been sent by someone else in an attempt to compromise your system. A security researcher has discovered a collection of vulnerabilities in more than 30 popular email client applications that could allow anyone to send spoofed emails bypassing anti-spoofing mechanisms. Discovered by security researcher Sabri Haddouche , the set of vulnerabilities, dubbed MailSploit , affects Apple Mail (macOS, iOS, and watchOS), Mozilla Thunderbird, several Microsoft email clients, Yahoo Mail, ProtonMail, and others. Although most of these affected email client applications have implemented anti-spoofing mechanisms, such as DKIM and DMARC, MailSploit takes advantage of the way email clients and web interfaces parse "From" header. Email spoofing is an old-school technique, but it works well, allowing someone to modify email headers and send an email with the fo
Yahoo's New DMARC Policy Destroys Every Mailing List across the World

Yahoo's New DMARC Policy Destroys Every Mailing List across the World

April 08, 2014Wang Wei
Yahoo! The one who enabled the HTTPS connections by default from the beginning of this year, the one who encrypts traffic moving between its data centers from 31st March , now has been accused of harming every  Mailing List  across the world. Experts from the Internet Engineering Council John R. Levine , specialized in email infrastructure and spam filtering claimed this in the post titled " Yahoo breaks every mailing list in the world including the IETF's. " on Internet Engineering Task Force (IETF). Yahoo has established a new rule to automatically exclude Yahoo users from the mailing list, because Mailing List server does not comply with DMARC requirements and they strongly modifies each email. He talks about an " emerging e-mail security scheme " known as Domain-based Message Authentication, Reporting and Conformance (DMARC) that has been implemented by almost every largest email service providers, including Gmail, Hotmail, Comcast, and Yahoo. DMARC helps to reduce the p
Twitter added DMARC support to prevent email phishing

Twitter added DMARC support to prevent email phishing

February 22, 2013Mohit Kumar
Twitter announced via its blog today that it has begun using a new method called Domain-based Message Authentication, Reporting and Conformance (DMARC) to help prevent email phishing. DMARC is actually a standard for preventing email spoofing, in order to make it harder for attackers to send phishing emails that appear to come from twitter.com addresses. Sometimes it's not easy to figure out if an email is legitimate or not. It implementing the SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) email message validation and authentication systems. Twitter says it started using the DMARC earlier this month. While the DMARC specification does need support from e-mail services, outfits including AOL, Gmail, Hotmail or Outlook and Yahoo already make use of it. It has also been implemented by services like Facebook, PayPal, Amazon and now Twitter. If you don't use Gmail or one of the other email providers listed above, you may not be protected. It might be
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.