2-factor authentication has become more vulnerable to attacks, making DMARC even more important. Recently, a researcher named Piotr Duszyński released an open source project that allows attackers to automate a phishing attack that bypasses 2-factor authentication. The new tool, named Modlishka, allows an attacker to bypass all types of 2-factor authentication except hardware security keys […]

The Value (and Risk) of DMARC Quarantine

Protect your paycheck! Direct deposit makes depositing your paycheck automatic and simple… Until something goes wrong. That’s what recently happened to several Wichita State University (WSU) employees. They received an email with a link prompting them to log in using their MyWSU ID and password. As it turned out, that was a phishing email that stole […]

Email Spoofing and your Bank

Alert!! STCU is warning members about a phishing email that is circulating in an attempt to steal login credentials from members. Phishing and Your Bank According to the report, there is an “official-looking” email claiming to be from STCU (Spokane Teachers’ Credit Union) requesting that members click a link and log in to their account. Instead, […]

DMARC in Higher Education

There was another news article about universities that became the targets of a phishing attack. Unfortunately, it wasn’t a very big headline since it is all too common for a university to be targeted. An article from bleepingcomputer.com stated that a group of hackers continues to primarily target universities using a variety of phishing techniques. […]

Transmitters, Senders, Forwarders, Receivers, & Reporters

Understanding DMARC reports: DMARC contributors

A basic DMARC report contains a list of IP addresses and whether those IPs passed or failed DMARC based on SPF and DKIM. Not all of the IP addresses belong in a domain’s SPF record; there are other reasons for an IP to be listed on a domain’s DMARC report. When analyzing DMARC data, it […]

How to Verify an Email’s Sender

You have an email. It looks legit and you really want to click that link, but how do you verify that it’s not a phishing scam (and you’re about to give away personal information, money, or access to your accounts or computer)? Phishing is becoming increasingly common, so it’s good to know how to identify a […]

Failure/Forensic Report? What’s that?

DMARC forensic/failure reports

What is a forensic report? There are two types of DMARC reports: aggregate reports and failure reports (also called forensic reports). Data from aggregate reports are included in most basic DMARC reports and can be viewed in Fraudmarc’s DMARC and senders reports. The failure reports are different; they provide insight into the email messages […]

The Emmy Results Really Could be Skewed

Emmys phishing 2018

Nathan, this is for you: You may have seen the video in which Nathan Fielder interviews a voting security expert who describes a scenario that could be used to skew the results of the Emmys. The plan is very detailed and easy to carry out, although slightly complex. That may have left you with a […]

How to send a Spoofed Email

Sending an email from an email account that you don’t control is called email spoofing. The problem with spoofed messages compared to other phishing messages (e.g. Nigerian Prince schemes) is that spoofed emails usually impersonate someone the recipient trusts. Essentially, the attacker is claiming the “sender’s” identity and abusing their credibility to trick the victim […]

Why You have to Wait for DMARC

Why you have to wait for DMARC Reports

You just finished setting up DMARC for your domain. Congratulations! You’re on your way to securing your domain. Now, you have to… wait a little… We all hate waiting, but in this case it’s necessary to wait at first. DMARC has two main functions: reporting (for monitoring and configuration) and conformance (for controlling unauthenticated email). […]

Challenge: Does DMARC Really Increase Email Security?

DMARC improves Email Security

We’ve been helping businesses with SPF, DKIM, and DMARC for years, so we’ve heard a lot about it. People like to make outrageous claims about it. As a result, there’s a lot of misinformation out there. We recently came across a claim we hadn’t heard before. This time, the claims are based on how DMARC […]

A Brief History of DMARC

Fraudmarc is changing the way businesses think about email authentication by providing universal access to DMARC through free tools, free and paid options of hosted plans, and Fraudmarc CE, the open source version of Fraudmarc’s DMARC report processing. First there was email, then phishing. SPF and DKIM didn’t completely solve the problem, so DMARC was […]

How Fraudmarc Is Spreading DMARC Across the Internet

Fraudmarc white paper

DMARC. It solves a widespread and costly problem, and it’s been around for over 6 years. So why is it still rare for domains to use its protection? Several factors interfere with proper DMARC implementation: it’s not well understood, the internet doesn’t always offer the best advice concerning DMARC, the default reports are not very […]

Fraudmarc CE: Open Source DMARC

Fraudmarc CE- Open Source DMARC reporting

DMARC has been around since 2012, yet adoption is still below 0.1% across the Internet… and spoofed emails still plague many businesses, damaging brand reputations and causing substantial loss. DMARC’s value as a security measure is widely recognized; governments have mandated it of their agencies and tech companies that have DMARC policies have demonstrated its […]

What DMARC Can (& Can’t) Do for Domains

Every domain should implement DMARC; it solves many email security problems. However, like all solutions, it has some limitations. It can’t completely protect domains from every type of phishing scheme or social engineering attack. As an open Internet protocol, DMARC is very clearly defined. It is a powerful tool for protecting brand identity. However, if […]

How to Implement a Reject Policy

If you don’t have a DMARC Reject policy on your domain, you’re not alone—97% of Fortune 500 companies don’t have a Reject policy, either. Following some basic guidelines can make implementing a Reject policy easier. Here’s what you can expect. (NOTE: before starting, it helps to know a little about these policies. If you want […]

DMARC and State Governments

You may have heard that the DHS mandated DMARC for all federal agencies last year. Many federal agencies are still working on it, despite the expired deadline. But what about state governments? There has been no mandate for state governments. We wanted to find out what states are doing (if anything) to protect their domains […]

Phishing Poses the Biggest Threat to Your Email According to a Google Study

It’s highly likely that you or someone you know has had a personal email or social media account hijacked at some point. Once hijackers gain access, they often then send out messages to your entire contact list to gain control of their accounts too. Such attacks expose a ton of sensitive personal data. Hijackers use […]

WARNING: Phishing attacks likely for Tax-Related Service Providers!

Tax related phishing scams

According to a study by the Global Cyber Alliance, some of the top tax-related service providers don’t secure their domains with DMARC, leaving them open to phishing attacks. Fraudmarc examines the email security scores of many top tax-related service providers. Email Authentication and Tax-Related Companies DMARC has been around for almost a decade, and […]

Understanding Fraudmarc’s Email Security Scores

Fraudmarc ranks the security of every domain’s email using an Email Security Score. You can check the Email Security Score of any domain here. Why Evaluate Email Security? As phishing attacks become more sophisticated and frequent, email security is more important than ever. Fortunately, email authentication protocols exist to help businesses secure their domains […]

The Growing Risk of Phishing Attacks On Your Cryptocurrency Wallet

According to CoinMall, there are 4 ways that you could lose your cryptocurrency to phishing: email phishing, ads phishing, chat phishing, and unconventional methods (SMS phishing and targeted social engineering attacks). All of these phishing methods involve an attempt to trick you into entering your sensitive data into a malicious website. Mass email phishing and […]

Netflix’s use of DMARC reduced damage from huge email scam

Netflix phishing attack November 2017

You may be aware that, last Friday, scammers sent out a phishing email to up to 110 million Netflix subscribers. The email included a link to a fake Netflix website that asked users to log in and enter their credit card information. However, a clear indication of a scam can be found higher up on this […]