Security Must-Haves that Can Bust BEC Schemes

Real estate wire fraud (REWF), as we have mentioned in the past, is fundamentally a confidence game.

The fraudster gains the trust of its victims by impersonating other trusted participants in the real estate transaction through carefully constructed email spoofs. The only way to beat the fraudsters at their game is to put in place a multi-layered security protocol.

One aspect of that security protocol is to educate the players on the phishing tactics of the fraudsters, but what if you could stop the emails from reaching unsuspecting victims in the first place.

Putting in place sophisticated technical protections can stop fraudsters at the borders before they have a chance to infiltrate your system. These protections can include Domain Keys Identified Mail (DKIM), Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting and Conformance (DMARC).

Domain Keys Identified Mail
DKIM is an email authentication system that checks to see if an email is coming from the domain it claims to come from. Here is how it works:

• It attaches a digital signature to an outgoing email linked to the domain name.
• The inbound server checks the email to ensure it is linked to the domain’s public key.
• If it is a match, the email is allowed to go through, otherwise it is dropped.
DKIM is most effective in detecting spoofed or phishing emails because it is evaluating if the email has been faked or spoofed in some way.

Sender Policy Framework
SPF verifies if an email coming into your system was in fact sent from an established IP address. This is how it does that:

• When an email server receives an email, it sends an inquiry to the DNS records associated with the domain.
• It then verifies the IP address used is listed in the SPF email record.
• If the authentication process fails, it refuses to let the email into the system.

While SPF blocks emails based on IP address verification, it cannot determine if the message has been tampered with in any way. So in essence, it provides an authentication service that is different from DKIM.

Is one better than the other? The answer is that the two work in partnership; allies in battle who attack the fraudster from two different flanks.

Domain-based Message Authentication, Reporting and Conformance
DMARC plays a third role in this process. It allows the owner of a domain to create a policy within the DNS record to perform certain tasks that piggy-back on the work of both SPF and DKIM. For instance:

• If an email fails to pass muster with DKIM or SPF, DMARC determines how to deal with the failure.
• DMARC can let the email pass through, quarantine the email for further review or outright reject it.
• The quarantine feature allows the security team to review and identify spoofing patterns.
• In addition, it creates a report of actions taken so your security team can more effectively monitor threats.

Although each of these security protocols offer a different kind of protection, they work best when all three are working in tandem, providing the most robust protections against business email compromise scams.

At Premier One, we offer a broad range of services to help you build the defenses you need, beginning with conducting a security analysis of your network. We also protect your computers and data from viruses, partner with Barracuda Spam Filtering to protect you against spam, phishing and DoS attacks via email, and use content filter to prevent harmful and explicit content from infiltrating your network. Contact us today to learn how we can help your organization.

Share this post