Combating Email Fraud – Maitham Al Lawati, CISSP, CISM, CRISC, CCSP (PowerPoint presentation)



SLIDE 1

Combating Email Fraud

Maitham Al Lawati, CISSP, CISM, CRISC, CCSP, CEH, ISO27001 LI
General Manager – Risk, Compliance & MSS
ISO27001:2013

SLIDE 2

Do you know that the bad guys can send spoofed emails on behalf of your domain name, and that those emails can reach your partners, customers and maybe even your own staff?

SLIDE 3

(Slide comment: user, 11/4/2017)

SLIDE 4

Organizations' Problems with Email

1. Fraudulent email is sent to customers & business partners.
2. It is difficult to identify fraudulent email.

- 100 billion spam messages globally per day
- 2.1 million phishing messages per day
- 73% of data breaches begin with a fraudulent email
- Phishing emails have a 70% open rate
- 50% of users who open a phishing email will open the URL or attachment

SLIDE 5

SLIDE 6

SLIDE 7

Fraud Email is the Start of a Data Breach

- 73% of data breaches begin with fraudulent email. The scenarios below are common methods used to breach consumers' devices or employees' "bring your own" devices.

Impacts: Brand Erosion, Untrusted Emails, Fraud Expenses

User Credential Compromise
- URL to a website that captures login credentials
- Compromised username & password often reused across websites
- Email often spoofs YourCompany.com, YourCompamy.com (a look-alike), or another trusted domain

Malware Installation

SLIDE 8

Difficult for Companies to Identify Emailers

- Outsourcing companies send email with a spoofed FROM: @company.com from their own IP addresses.

Good server? Bad server? IT needs to distinguish fraudulent email senders from outsourced senders.

Outsourced business services:
- HR: Recruiting, Benefits administrators
- Operations: Customer Service Center, IT
- Marketing: Email campaigns, Sales Partners, (…)

Sample messages, all claiming to come from company.com:
- Subject: "Account is Locked", From: company.com, To: customer@Gmail.com
- Subject: "10% Off", From: company.com, To: customer@Gmail.com
- Subject: "New Benefits Website", From: company.com, To: customer@Gmail.com

SLIDE 9

SLIDE 10

DMARC Benefits for Financial Services

Leverage DMARC authentication to strengthen email security & brand protection:
- Gain 24/7/365 visibility into email spoofing
- Restore trust with consumers via email communication
- Decrease fraudulent email delivery by over 99%

SLIDE 11

How well does it work?

SLIDE 12

Summary of DMARC Recommendations

1) Have a DMARC policy goal for each domain and sub-domain
2) Create a DMARC policy on each sub-domain to deter spoofing
3) Predefine the advancement criteria from p=none to p=quarantine to p=reject
4) Ensure a DMARC pass rate of 98% - 100% before advancing the DMARC policy
5) Advance all parked domains to p=reject as a final state

Rollout steps: Establish Monitoring with DMARC -> Configure SPF & DKIM -> Declare DMARC Policies -> Increase DMARC Security

DMARC Policy Goal: 'quarantine' or 'reject'
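As an added example (not from the presentation) of recommendation 4, the script below parses a DMARC aggregate (RUA) report, computes the pass rate per sending IP, and advances the policy one rung only when the 98% threshold is met; the report XML, IP addresses and domain are constructed sample values.

```python
"""Parse a DMARC aggregate (RUA) report, compute the pass rate, and decide
whether the policy may advance one step (none -> quarantine -> reject).
Added example with constructed sample data, not a real report."""
import xml.etree.ElementTree as ET

# Constructed RFC 7489-style report: one authorised server, one outsourced
# sender that fails alignment, one unknown host spoofing the domain.
SAMPLE_REPORT = """<?xml version="1.0"?>
<feedback>
 <policy_published><domain>company.example</domain><p>none</p></policy_published>
 <record><row><source_ip>192.0.2.10</source_ip><count>980</count>
  <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row></record>
 <record><row><source_ip>198.51.100.7</source_ip><count>15</count>
  <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
 <record><row><source_ip>203.0.113.99</source_ip><count>5</count>
  <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
</feedback>"""

def summarize(report_xml):
    """Return (pass_rate, {source_ip: (passed, total)}). A message passes
    DMARC when aligned DKIM or aligned SPF passes (policy_evaluated)."""
    per_source = {}
    for row in ET.fromstring(report_xml).iter("row"):
        ip = row.findtext("source_ip")
        count = int(row.findtext("count"))
        ev = row.find("policy_evaluated")
        ok = "pass" in (ev.findtext("dkim"), ev.findtext("spf"))
        p, t = per_source.get(ip, (0, 0))
        per_source[ip] = (p + count if ok else p, t + count)
    total = sum(t for _, t in per_source.values())
    passed = sum(p for p, _ in per_source.values())
    return (passed / total if total else 0.0), per_source

def next_policy(current, pass_rate, threshold=0.98):
    """Advance one rung only when the pass rate meets the 98% threshold
    from the recommendations; otherwise hold the current policy."""
    ladder = ["none", "quarantine", "reject"]
    i = ladder.index(current)
    if pass_rate < threshold or i == len(ladder) - 1:
        return current
    return ladder[i + 1]

def unauthenticated_sources(per_source):
    """IPs with any failing mail: candidates to authorise (outsourced sender)
    or to block (spoofing host) before advancing the policy."""
    return sorted(ip for ip, (p, t) in per_source.items() if p < t)
```

Real reports arrive gzipped at the rua= address in the DMARC record; the same functions apply once the XML is extracted.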