Jan 12 / Admin

New Scam Alert: Phishing Campaign Spoofs Internal Emails

Tech Radar reported:

...Microsoft explained that crooks are taking advantage of how some companies route email and how they set up their security checks. Normally, email systems use checks like SPF, DKIM, and DMARC to confirm that a message really comes from the organization it claims to be from.

In complex setups (such as when email passes through third-party services or on-prem servers) these checks are sometimes weak or not strictly enforced.

Attackers can then leverage it by sending emails from outside the company but using the company’s own domain as the sender. Because the system doesn’t fully reject failed checks, the email is accepted and marked as “internal.”

Criminals can also copy internal patterns, such as using an employee’s real address in both the sender and recipient fields or familiar display names like IT or HR.

The resulting message looks like a legitimate internal email, making it more likely for the victims to take the bait.

Click to read the original article here.
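The excerpt above describes two things a mail administrator can verify on their own gateway: whether a message that carries the company's own domain in the From header actually passed SPF/DKIM/DMARC, and whether the domain's DMARC policy is enforced (p=reject or p=quarantine) rather than monitor-only (p=none). The Python below is an added example, not code from this post, from Tech Radar or from Microsoft. The domain example.com, the sample headers, and the DMARC TXT records are constructed for illustration; the parsing uses only the standard library.

```python
"""
Added example: flag inbound mail that claims the company's own domain but
fails authentication, and inspect whether the DMARC policy is enforced.
All domains, headers and records below are constructed for illustration.
"""
import re
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"          # assumed company domain (constructed)
ROLE_NAMES = {"it", "it support", "hr", "helpdesk", "payroll"}  # display names scammers reuse

# method=verdict pairs as written in an Authentication-Results header
AUTH_RE = re.compile(
    r"\b(spf|dkim|dmarc)=(pass|fail|none|softfail|neutral|temperror|permerror)\b",
    re.IGNORECASE,
)


def parse_auth_results(header_value):
    """Return e.g. {'spf': 'fail', 'dkim': 'none', 'dmarc': 'fail'}."""
    return {m.lower(): v.lower() for m, v in AUTH_RE.findall(header_value or "")}


def classify(raw_message, internal_domain=INTERNAL_DOMAIN):
    """
    Classify a message by what it claims versus what the gateway verified.
      internal-verified        From domain is ours and DMARC passed
      spoofed-internal-suspect From domain is ours but DMARC did not pass
      external-role-name       outside domain using a display name like 'IT' or 'HR'
      external                 anything else from outside
    """
    msg = message_from_string(raw_message)
    display_name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    auth = parse_auth_results(msg.get("Authentication-Results", ""))

    if from_domain == internal_domain:
        # Only a DMARC pass (aligned SPF or DKIM) earns the "internal" label.
        if auth.get("dmarc") == "pass":
            return "internal-verified"
        return "spoofed-internal-suspect"
    if display_name.strip().lower() in ROLE_NAMES:
        return "external-role-name"
    return "external"


def effective_dmarc_policy(txt_record):
    """Extract the p= tag from a DMARC TXT record; 'none' means monitor only."""
    m = re.search(r"\bp=(none|quarantine|reject)\b", txt_record)
    return m.group(1) if m else None


# Constructed samples -------------------------------------------------------
SPOOFED_MSG = (
    "From: IT Support <helpdesk@example.com>\n"
    "To: helpdesk@example.com\n"
    "Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com;"
    " dkim=none; dmarc=fail header.from=example.com\n"
    "Subject: Action required: password reset\n\n"
    "Please confirm your credentials at the link below.\n"
)
GENUINE_MSG = (
    "From: Helpdesk <helpdesk@example.com>\n"
    "To: alice@example.com\n"
    "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com;"
    " dkim=pass header.d=example.com; dmarc=pass header.from=example.com\n"
    "Subject: Ticket #1234 closed\n\nThanks for your patience.\n"
)
LOOKALIKE_MSG = (
    "From: HR <hr@examp1e.com>\n"
    "To: bob@example.com\n"
    "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=examp1e.com;"
    " dkim=pass header.d=examp1e.com; dmarc=pass header.from=examp1e.com\n"
    "Subject: Updated payroll form\n\nSee attached.\n"
)
WEAK_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"      # monitor only
STRICT_RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"  # enforced

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED_MSG), ("genuine", GENUINE_MSG), ("lookalike", LOOKALIKE_MSG)):
        print(f"{name:10s} -> {classify(raw)}")
    print("weak policy  :", effective_dmarc_policy(WEAK_RECORD))
    print("strict policy:", effective_dmarc_policy(STRICT_RECORD))
```

The point of the classifier is that the "internal" label is earned by a DMARC pass, not by the domain string in the From header; a gateway that accepts the first sample as internal is the misconfiguration the article describes. The lookalike sample passes authentication for its own domain, which is why the role-name check is kept separate: authentication proves the message came from examp1e.com, not that examp1e.com is your HR department.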

Key Takeaway: Use authentication by asking identifying questions when responding to inquiries via email or accepting vendor setup documents, even if the message appears to come from an internal team member. Take the free Authentication section of the AVM Workshop.

Enroll in Training Sessions: Training on frauds, new scam alerts, and how to combat them is held on the last Thursday of every month.