Scammers use DocuSign API to send fraudulent invoices
CFOs, beware: cybercriminals are exploiting DocuSign’s legitimate business tools to deliver fraudulent invoices directly through trusted channels. This scheme is particularly dangerous …
Business Email Compromise (BEC) attacks are now the fastest growing cyber-threat facing Australian organisations.
In this blog, we will explore how technology is being used to try and stop email-based attacks, and why these technologies are yet to offer the level of protection needed to put an end to BEC. Ultimately, these technologies do not yet have the capacity to protect organisations and more needs to be done to avoid potentially devastating financial losses resulting from email-based attacks.
The Australian Cyber Security Centre (ACSC) reports in its Annual Cyber Threat Report 2020-2021, that BEC rates are increasing faster than any other type of cyber-attack.
Last financial year saw over 4,600 BEC incidents reported to the agency, with total losses exceeding $81.5 million. Concerningly, this is a 15% increase on the previous year. Of even greater concern is the average amount lost in a successful BEC attack, which rose a whopping 54% to $50,600 over the previous year.
With the threat of BEC looming large over Australian organisations, email security has never been more important.
That’s why organisations are rushing to implement email security technologies, such as DMARC, SPF and DKIM.
Domain Message Authentication Reporting & Conformance (DMARC) is an email authentication protocol. It allows an organisation to ensure that unauthenticated emails sent out in its name are flagged as potentially illegitimate. Such emails may be blocked or sent to spam folders. This can help the organisation ensure that only genuine emails it sends out are delivered to third parties’ inboxes.
There are two main ways DMARC works to authenticate emails:
The SPF is a list of all the IP addresses associated with your organisation’s domain. This list is published in your organisation’s DNS record. Only those IP addresses listed in the SPF are authorised to send emails on behalf of your organisation. It allows an Internet Service Provider (ISP), or those receiving your emails that have DMARC set up, to identify which emails purporting to be from your organisation were sent from a legitimate IP address and are therefore authentic.
DKIM is a type of encrypted digital signature that is added to the headers of your organisation’s outgoing emails. It uses ‘private key’ and ‘public key’ cryptography to ensure illegitimate emails are not sent to third parties in your name. The digital signature is secured using a ‘private key’ that is only known to your organisation. To unlock the contents of the email, the receiver must obtain a ‘public key’ that is available in your DNS record. If a malicious actor sends spoofed emails in your name, the emails won’t include your organisation’s secret ‘private key.’ Therefore, when the recipient tries to use the ‘public key’ to access the email, it will be flagged as illegitimate.
In a world of increasingly sophisticated email-based attacks, where cyber-criminals use tactics such as email spoofing and phishing, having the ability to flag unauthenticated emails can significantly curtail the risk of BEC.
An Australian security researcher, Sebastian Salla, recently took it upon himself to see whether it would be possible to circumvent DMARC security. Specifically, Salla was attempting to:
He began by identifying and scanning 1.8 million domains belonging to Australian organisations in order to identify IP addresses that were listed in SPF records which overlapped with the public IP ranges offered by Amazon Web Services (AWS).
This allowed him to identify and take over unused IP addresses.
Armed with this information, Salla proceeded to successfully send emails from these IP addresses to 264 Australian organisations, many of them large corporations and public institutions.
What Salla demonstrated was that, irrespective of whether they had DMARC set up, each of these organisations remained exposed to potential email-based attacks such as BEC.
Among the organisations at risk include:
What this research clearly demonstrates is that current email security protocols cannot guarantee that an organisation will be protected from email-based attacks, such as BEC.
Sophisticated cyber-criminals are always on the hunt for new ways to circumvent security layers. Even with the latest DMARC security protocols set up, your organisation may still be vulnerable to an attacker who manages to find a way to circumvent such systems.
All it takes is one cleverly-designed fake email to deceive your Accounts Payable staff into transferring funds to cyber-criminals, resulting in potentially devastating financial losses.
With eftsure sitting on top of your accounting processes, even if a cyber-attacker manages to circumvent email security systems, your organisation remains protected.
Our unique platform cross-checks payment data against information sourced from over 2 million Australian organisations. This occurs in real-time, immediately prior to processing a payment.
In the event that cyber-attackers circumvent DMARC security systems, and are attempting to initiate a BEC attack against your organisation, eftsure ensures that any suspicious outgoing payments will be flagged, giving your AP team the opportunity to pause and investigate further.
Don’t rely exclusively on email security technologies such as DMARC – Contact eftsure today to learn how we can provide your organisation with an indispensable layer of defence against financial losses stemming from email-based attacks.
CFOs, beware: cybercriminals are exploiting DocuSign’s legitimate business tools to deliver fraudulent invoices directly through trusted channels. This scheme is particularly dangerous …
Because LinkedIn is used as a professional networking platform, account holders don’t use the same caution as they would on Facebook or …
Fraud can strike any time, but certain periods increase your business’s vulnerability to fraudulent activities. During these times, your teams may be …
Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.