Elevate email security: DMARC’s role in combating phishing

Olesia Klevchuk, product marketing director, Barracuda

As advanced security solutions make it more challenging for traditional malware and other attacks to succeed, cybercriminals are increasingly turning to domain spoofing and artificial intelligence (AI) to create more sophisticated and convincing phishing attacks. Recently, the North Korean cybercrime group Kimsuky demonstrated how dangerous domain spoofing can be when poorly configured Domain-based Message Authentication, Reporting & Conformance (DMARC) policies are used to run spear-phishing campaigns. 

Effective DMARC email authentication can help prevent domain spoofing by safeguarding email domains from unauthorized use and brand impersonation. This protection is critical because unauthorized domain usage can jeopardize your brand’s integrity and negatively affect the deliverability of legitimate emails from your business, ultimately damaging your reputation.

The Rising Threat of Domain Spoofing

Domain spoofing is a deceptive tactic where attackers forge the sender’s domain in an email header to impersonate trusted organizations. This method is often used to bypass basic security controls and deceive recipients into falling for phishing schemes.

Some examples of where Barracuda researchers have observed domain spoofing include:

  • Fake invoice scams. Cybercriminals spoof the domain of a popular vendor to send fraudulent invoices to accounts payable teams at target organizations. The email contains convincing details, including authentic-looking branding and links that redirect to malicious sites. Employees trust the email because of its perceived authenticity and legitimate-looking sender address, and transfer funds to a fraudulent account.
  • Conversation hijacking. Fake invoice scams can be escalated with a conversation hijacking technique, where threat actors infiltrate email accounts to observe and manipulate ongoing conversations. By exploiting trusted threads, attackers send convincing emails that often rely on domain spoofing to redirect payments, steal sensitive information, or distribute malware.
  • Business Email Compromise (BEC) attacks. Cybercriminals spoof the email address of a company’s CEO or other executives to send urgent requests for wire transfers or sensitive employee data to the finance or HR department. The targeted employees feel compelled by the sender’s authority and act quickly, resulting in financial loss or data breaches.

DMARC, when used as part of a multi-layered approach to securing email, is one of the most effective tools for protecting against domain-spoofing attacks that include phishing-as-a-service, targeted attacks using social media and communication analysis, and QR code and Blob URI (uniform resource identifier) attacks. 

The Benefits of DMARC for MSPs and Their Clients

DMARC uses the Domain Name System (DNS), DomainKeys Identified Mail (DKIM), and Sender Policy Framework (SPF) to verify email senders. The DMARC protocol then tells receiving servers what to do when an email doesn’t pass authentication checks and generates reports to identify authentication problems or malicious activity.
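To make the "pass authentication checks" step concrete, here is an added illustration (not code from Barracuda or this article) of how a receiving server combines the SPF and DKIM results with the domain owner's published DMARC record. The record, the From: domain and the SPF/DKIM results are constructed sample values, and organizational-domain lookup is simplified to the last two labels (real receivers use the Public Suffix List).

```python
# Added example (not Barracuda's code): receiver-side DMARC evaluation.
# Record and SPF/DKIM results below are constructed sample inputs; the
# org-domain lookup is simplified (real receivers use the Public Suffix List).

def parse_dmarc(txt):
    """Split a DMARC TXT record into tag -> value, e.g. {'p': 'reject', ...}."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = val.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def org_domain(domain):
    """Simplified organizational domain: keep the last two labels."""
    return ".".join(domain.lower().split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """Identifier alignment: 's' needs an exact match, 'r' the same org domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def evaluate(record, from_domain, spf_domain, spf_pass, dkim_domain, dkim_pass):
    """Return (dmarc_pass, disposition): DMARC passes only if SPF or DKIM passed
    AND that identifier aligns with the visible From: domain; otherwise the
    owner's p= (or sp= for a subdomain) policy decides: none/quarantine/reject."""
    tags = parse_dmarc(record)
    spf_ok = spf_pass and aligned(from_domain, spf_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_pass and aligned(from_domain, dkim_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return True, "none"
    is_sub = from_domain.lower() != org_domain(from_domain)
    policy = tags["sp"] if is_sub and "sp" in tags else tags.get("p", "none")
    return False, policy

# Constructed records: an enforcing policy and a monitoring-only (p=none) one.
ENFORCED = "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; rua=mailto:dmarc@example.com"
MONITOR = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"

if __name__ == "__main__":
    # Legitimate mail: SPF passes on a relaxed-aligned bounce subdomain.
    print(evaluate(ENFORCED, "example.com", "bounce.example.com", True, "", False))
    # Spoof: third-party SPF pass plus an unaligned DKIM signature -> reject.
    print(evaluate(ENFORCED, "example.com", "mailer.example.net", True, "example.net", True))
    # The same spoof under a p=none record is still delivered (monitoring only).
    print(evaluate(MONITOR, "example.com", "mailer.example.net", True, "example.net", True))
```

The last case is the weakness the article alludes to: a p=none record gives the domain owner reports but tells receivers to deliver spoofed mail anyway.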

It has been almost a year since Google and Yahoo began requiring organizations sending over 5,000 email messages through their platforms to use DMARC. Before that, DMARC adoption was optional, and most organizations didn’t use it. According to Google, there has been a 65 percent reduction in unauthenticated emails to Gmail since the mandate, which amounts to hundreds of billions fewer unauthenticated messages globally.

While DMARC adoption has increased significantly, many organizations (particularly smaller ones) still haven’t deployed the protocol. For MSPs, particularly those with a large client portfolio of SMBs, this represents a significant opportunity to help increase email security while offering clients a way to protect their brands against spoofing.

DMARC is one of many tools companies can use to protect their brand and reputation. When used alongside automated anomaly detection, security awareness training, and other protective measures, it enhances an organization’s overall security posture. As part of a comprehensive email protection solution, a tool like Barracuda Domain Fraud Protection can provide enhanced protection while eliminating the complexity and difficulty of a DMARC implementation. 

There are many benefits to DMARC, in addition to its protection against phishing. First, DMARC compliance ensures that an organization’s outgoing emails are deliverable. It also helps protect a brand’s reputation since it is less likely that the company domain will be spoofed in ways that could result in recipients placing you on an email blacklist. DMARC also offers visibility into who is sending emails on your behalf (either legitimately or fraudulently). 

MSPs can provide added value by helping customers configure their DKIM and SPF to ensure legitimate emails can be delivered every time while streamlining the process of protecting against malicious emails.

Domain spoofing presents a dual threat – it makes phishing emails more convincing and effective, and the domain owner faces damage to their reputation, brand, and ability to leverage email delivery to conduct business effectively. 

DMARC offers a way to prevent bad actors from trading on legitimate domains while adding a robust cybersecurity protection layer.

Olesia Klevchuk is Product Marketing Director for Barracuda.
