Enforcement rules for DMARC for optimum protection against phishing and spoofing
by DuoCircle
Just like SPF offers domain owners the choice between Softfail and Hardfail, DMARC has three enforcement rules: none, quarantine, and reject. Each has its own significance and relevance in the DMARC compliance journey.
Microsoft Alerts Millions, War Expands Globally, Salt Typhoon Surge – Cybersecurity News [January 06, 2025]
by DuoCircle
Ensuring proper cybersecurity is at the top of every organization’s agenda this year. That explains why Microsoft cautions its Windows 10 users and asks them to upgrade their PC’s OS before the 14 October 2025 deadline. However, even the most robust cybersecurity strategies might seem inadequate, especially as three more telecoms become victims of the Salt Typhoon.
Understanding everything about DMARC records and tags
by DuoCircle
Email security is a growing concern for businesses and individuals alike. Increased email spoofing and phishing attempts have made it crucial to implement security measures to safeguard communication channels. One such powerful tool to protect email communications is DMARC or Domain-based Message Authentication Reporting and Conformance. Its job is to authenticate email messages and take suitable action against unauthorized emails. The DMARC policy works in coordination with SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) protocols.
What is Apple Business Mail and how can you set it up using Apple Business Connect
by DuoCircle
Apple Mail is not very prominently used in business emails because, unlike Gmail, Yahoo, and other mailboxes, it doesn’t support BIMI. However, Apple has taken the initiative to resolve this issue. With the latest iOS 18.2 update, Apple is now letting its users send branded emails that carry their unique identity. In simple words, you can send emails that show your brand logo and name, just like BIMI. This is done to build trust among companies regarding email authentication.
Apple Mail is not very prominently used in business emails because, unlike Gmail, Yahoo, and other mailboxes, it doesn’t support BIMI. However, Apple has taken the initiative to resolve this issue. With the latest iOS 18.2 update, Apple is now letting its users send branded emails that carry their unique identity. In simple words, you can send emails that show your brand logo and name, just like BIMI. This move enhances email security and builds trust among companies regarding email authentication.
The New Year is the time for resolutions. Individuals and organizations must focus on cybersecurity and resolve to take proactive steps to prevent cybercrime. Data breaches have become increasingly frequent. With people increasingly using smartphones to access the internet, securing these instruments should be paramount. In the face of rising cyber threats, ensuring robust email security on your devices, such as conducting security checks on Android and iPhones, is a vital step to safeguarding your personal and organizational data from breaches and attacks.
The emails you send out to your clients have the potential to transform your business. Although you might already know this, what you might not be aware of is that not all your emails reach your recipients’ inboxes. Instead of landing in the inbox where the recipient can read and engage with the email, some emails might get flagged as spam or, worse, fail to deliver altogether. There are many reasons this could happen, but the most common reasons that Email Service Providers (ESPs) flag your emails are improper authentication, suspicious activities, or malicious actors attempting to spoof your domain. These are some of the last things you would want for your emails.
Microsoft Cybersecurity Transparency, Chrome Update Required, Google Calendar Phishing – Cybersecurity News [December 23, 2024]
by DuoCircle
The year 2024 is ending, but unfortunately, cybercrime never ends. Criminals are always on the look out for innovative ways to scam user accounts and steal data. So, service providers have their tasks cut out and keep users in the loop about the various security measures they initiate. Microsoft has taken the lead in adopting greater transparency in cybersecurity matters. This week, we shall also discuss the various Google Support Services criminals use to launch cyberattacks. Finally, we round off 2024 and welcome the new year 2025 by listing cybersecurity trends users must watch out for to secure their credentials and prevent them from being compromised.
Cybercriminals are intelligent and innovative, proactively searching for notorious ideas to launch their cyberattacks. This week’s news article discusses two innovative methods that threat actors consider, the crypto-romance scammers and the digital arrest scam. Nowadays cyber attackers are willing to target almost anything, we will learn about the two attacks that targeted on an online doughnut chain and an auto parts company. Hence, efforts are being made on grounds of user awareness and system updates that should help prevent such attacks. But downloading and installing updates can also be confusing so we have also discussed whether to download the latest Microsoft system update or not. Read on to learn more.
Preventing phishing, spoofing, and ransomware attacks with DKIM records
by DuoCircle
Here’s a reality check— your email ecosystem is not secure enough!
Scammers are everywhere, prying on your outgoing emails, trying to intercept them, and convincing your clients that those emails are genuinely from you—a classic tactic that threat actors use to carry out their malicious scams. Lately, these techniques have become more sophisticated and common.
Windows Vulnerability Patched, Gmail Takeover Threat, PIH Health Ransomware – Cybersecurity News [December 09, 2024]
by DuoCircle
Zero-day vulnerabilities are the most critical because no one knows about them unless they are discovered. Therefore, malicious actors have greater chances of exploiting them before corrective measures are initiated. In this week’s news section, we shall discuss some zero-day vulnerabilities and the measures software producers take to mitigate the risks.
You probably already know that your logo is one of the biggest assets your brand owns, but wouldn’t it be great if it showed next to your emails in the inboxes of your recipients? The way to make that happen is BIMI, which stands for Brand Indicators for Message Identification. BIMI lets your logo show up next to your emails when they land in the recipient’s mailbox, which will help your brand stand out and build trust with your audience.
DKIM stands for DomainKeys Identified Mail, a cryptography-based email authentication protocol that helps receiving servers verify if an email sent from your domain was tampered with in transit. If you have DKIM deployed for your domain, then your server will affix a digital signature to the header with each outgoing email. This is a cryptographically secured signature that is produced using a private key that is known only to you. The counterpart of the private key is a public key, which is published in the DNS of your domain.
Banshee Stealer Unveiled, Corrupted Word Phishing, AI Voice Scams – Cybersecurity News [December 02, 2024]
by DuoCircle
The cybercriminal breed is expanding at a tremendous rate, necessitating urgent remedial measures from the relevant involved parties. Cybercriminals are also upscaling their operations and taking sufficient precautionary measures to prevent getting caught. Unfortunately, the public, who end up as unsuspecting victims, needs to pull up their socks and act responsibly to avoid becoming victims of cybersecurity fraud. This week’s cybersecurity news focuses on these aspects and aims to educate people to become more aware of the ever-evolving cyber threat landscape.
A 90-year-old man lost 1.15 crores (approx. $0.14 million USD) worth of life savings to digital arrest scammers who were arrested!
by DuoCircle
The entire world came crashing down for a Gujarat-based, 90-year-old man when a group of scammers got in touch with him under the pretext of digital arrest. They wiped away 1.15 crores worth of life savings while posing as Central Bureau of Investigation (CBI) officers, Mumbai police, and Enforcement Directorate (ED) officers. However, due to the awareness of the relatives and the agility and expertise of authorities, five threat actors got arrested red-handed as they withdrew a part of the scammed money.
How are DMARC enforcement and DMARC reporting different?
by DuoCircle
Domain-based Message Authentication, Reporting, and Conformance (DMARC) is one of the most powerful tools that security teams rely on to combat email-based attacks such as phishing, spoofing, and Business Email Compromise (BEC). Essentially, this tool enables domain owners to protect their domains from scammers by specifying how emails should be handled if they fail authentication checks. But the best part about DMARC is that it goes beyond enforcing policies to block malicious emails; it gives you insights into all that’s going on with your domain and its email traffic. We are talking about the reporting aspect of DMARC, which works hand-in-hand with enforcement to create a complete email security system.
5 efficient email security techniques for advanced persistent threats
by DuoCircle
An advanced persistent threat (APT) is a sophisticated, prolonged cyberattack in which a malicious actor gains access to a network and remains undetected for an extended period. This type of cyberattack is often motivated by political, financial, or strategic interests and aims to steal sensitive data, disrupt operations, or conduct espionage.
In this week’s cyber update, let’s examine the following case scenarios closely: a significant email data breach affecting multiple healthcare organizations, the discovery of a new Wi-Fi exploit used in targeted attacks, a malware campaign exploiting an outdated Avast driver, a high-profile extortion campaign targeting cloud storage platforms, and recent intrusion attempts on telecom infrastructure. These headlines are followed by matter-expert suggestions highlighting best practices one could follow to mitigate potential risks in the future.
How do we fix the custom domain configuration problems for Azure Email Communication?
by DuoCircle
Email deliverability is the backbone of email marketing campaigns; your effort in strategizing and executing the campaign will go to complete waste if half of your emails don’t reach the inboxes of the intended recipients. If you have deployed email authentication protocols like SPF and DKIM and ensured their TXT records aren’t amiss, receiving mail servers will consider emails sent from your domain by authorized senders as genuine and, hence, will not hesitate to place them in the inboxes.