Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

Digital currency discovery platform eradicates the threat of phishing attacks

A case study on implementing DMARC – by Rahul Powar, Co-Founder Red Sift

Since the creation of bitcoin in 2009, the concept of digital currency has at times divided the public.

Yet despite the sceptics and the naysayers, today, there are over 1100 different types of cryptocurrencies. Funds are raised for currencies via Initial Coin Offerings (ICOs) and ICO platforms maintain the listings of all active and upcoming ICOs.

The financial services industry has already been on high alert for cybersecurity attacks for years; adding this digital currency dimension further intensifies the concern. The only way to steal these assets is to hack the digital wallet or hack the mining pools, and once stolen, the ‘transaction’ cannot be undone.

Pittsburgh-based ICO Alert promotes the digital currencies for companies wishing to raise money through ICOs. It’s therefore essential that the company’s communications are trusted – as the number of ICOs grow, so too does the potential for fraud and scams.

ICO Alert is a go-to source for information regarding active and upcoming ICOs and sends and receives thousands of emails a week. Inevitably, some of their clients have been subject to phishing attacks as they’ve grown in prominence, receiving emails purporting to come from ICO Alert asking them to carry out financial transactions. As Rob Finch, CEO of ICO Alert explains, “Our email domain was spoofed and one of our clients was sent an email highlighting the specifics of a deal. The email that was sent was a perfect fake – they’d used my headshot, my email signature, and of course they’d impersonated my sender address. Luckily, we were able to intercept this deal, but we did have a couple of clients that were affected by a similar scam. We were quick to resolve the financial ramifications, but knew that we needed to bolster our existing email protection.”

Rob already had DKIM implemented, a protocol that verifies if an email is sent from a valid source by using encryption in the header of an email. But with reports of email impersonation, Rob quickly realised he also needed to implement SPF, a tool that verifies if an email is sent from a valid IP address. However, his research highlighted that neither enforced the policies so there was still potential for the ICO Alert domain to be spoofed.

Consequently, Rob started looking more deeply into the nature of the phishing attacks. He knew there had to be a way to prevent email spoofing. It was at this point he discovered DMARC – an email protocol that combines the authentication that SPF and DKIM provide to enforce an authentication policy. DMARC has been around for several years but awareness is low – astonishing given that it can potentially solve the problem of email impersonation for every organisation on the planet. Understandably, Rob was intrigued by what he found.

While DMARC is a free-to-implement protocol, services to make implementation simpler, and management easier, are available to organizations of any size. With DMARC fully deployed with external support, Rob was able to establish a policy whereby only emails from ICO Alert’s domain that passed the SPF or DKIM authentication would be DMARC-validated and would thus reach the intended recipient.

Furthermore, ICO Alert, like many other organizations of its size, sends email from multiple email services, including up to 250,000 emails from its domain each year and a further 750,000 emails being sent through MailChimp. To maintain its strong brand reputation, it was vital to ICO Alert that emails which weren’t sent directly from its domain were able to carry the same guarantee of authenticity, a concern quickly resolved with DMARC – reports generated via the protocol are able to determine which domains are correctly configured and which, if any, are spoofing yours.

Once DMARC was implemented and configured to reject emails that weren’t fully authenticated – all within two weeks – ICO Alert was seeing 100% deliverability rates and experiencing zero bouncebacks, via its MailChimp campaigns too.

By setting up DMARC, Rob concludes, “Not only has it given us complete confidence in the deliverability of our email campaigns, but now our clients can also be confident in the legitimacy of the communications they receive from ICO Alert.”