TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

E-Mail

Protect Your Business From Email Fraud With DMARC

Email is the backbone of modern business, but it’s also one of the easiest ways for cybercriminals to attack.

If you’ve ever received a fake email that looks like it came from a trusted company, you know how convincing these scams can be. Worse, what if scammers used your business’s email to trick your customers?

That’s exactly what happens with email spoofing—when hackers send emails pretending to be from your domain to steal information, spread malware, or commit fraud. The result? Lost trust, damaged reputation, and even financial losses.

Fortunately, there’s a solution: DMARC (Domain-based Message Authentication, Reporting, and Conformance).

What is DMARC?

DMARC is a security standard that protects your business from email spoofing and phishing attacks. It ensures that emails sent from your domain are legitimate and blocks fraudulent emails before they reach customers, vendors, or employees.

Think of it like a security checkpoint for your email. Only verified messages get through, while fake ones get stopped.

Why your business needs DMARC

Many business owners believe email fraud is only a problem for large corporations. But in reality, small and mid-sized businesses are prime targets because they often lack strong security measures.

Without DMARC:

Your emails could be marked as spam – Clients and vendors may never see important messages like invoices or proposals.

Scammers can impersonate your company – Fraudsters can send emails pretending to be from your business, putting your reputation at risk.

You could face compliance and legal issues – Industries like finance, healthcare, and retail are tightening cybersecurity requirements, and failing to secure your email could lead to penalties.

With DMARC, you can:

Prevent email fraud and phishing attacks – Keep criminals from impersonating your business.

Ensure your emails get delivered – No more important messages going to spam.

Protect your reputation – Customers and partners will trust that emails from your domain are legitimate.

Stay ahead of security compliance – Meet industry regulations and avoid costly fines.

Why DIY isn’t the best option

Implementing DMARC is not as simple as flipping a switch. If done incorrectly, it could accidentally block legitimate emails from reaching their destination.

It requires careful setup, monitoring, and ongoing adjustments to ensure your emails are secure but still get delivered. This is where Tech Experts comes in.

How Tech Experts can help

At Tech Experts, we specialize in setting up and managing DMARC policies to keep your business protected without disrupting your communication. Our process includes:

Proper setup – We configure DMARC correctly to secure your domain while ensuring your real emails don’t get blocked.

Ongoing monitoring – We track and analyze email activity, making adjustments as needed.

Compliance & best practices – We ensure your business stays in line with security regulations and industry standards.

Peace of mind – You can focus on running your business while we handle the technical details.

Don’t wait until it’s too late

Cybercriminals are getting smarter, and email-based scams are on the rise. Don’t wait for a phishing attack to damage your business. Protect your email, your reputation, and your customers with DMARC.

Ready to secure your business email?

Tech Experts can help. Contact us today at (734) 457-5000, or email us at info@mytechexperts.com, to set up your DMARC protection and keep scammers out of your inbox.

Six Simple Steps to Enhance Your Email Security

Email is a fundamental communication tool for businesses and individuals alike. But it’s also a prime target for cybercriminals. Cyberattacks are increasing in sophistication. This means enhancing your email security has never been more critical.

By taking proactive measures, you can protect your sensitive information as well as prevent unauthorized access and maintain communication integrity. Here are six simple steps to enhance your email security.

Use strong, unique passwords

Passwords are the first line of defense for your email accounts. A weak password is like an open invitation for cybercriminals. To enhance your email security, use strong, unique passwords. Ones that are difficult to guess.

Consider using a password manager. Remembering several complex passwords can be challenging. A password manager can help you generate and store unique passwords for all accounts. With a password manager, you only need to remember one master password. This simplifies the process while enhancing security.

Enable two-factor authentication (2FA)

Two-factor authentication (2FA) adds an extra layer of security to your email accounts. Even if someone gets hold of your password, they won’t be able to access your account. They would need the second factor of authentication to do that.

Enable 2FA for all your email accounts. Most email providers offer this feature and setting it up usually takes just a few minutes. This simple step significantly improves your email security.

Be cautious with email attachments and links

Email attachments and links are common vectors for malware and phishing attacks. Clicking on a malicious link or attachment can give attackers access to your system. Exercise caution to protect your email security.

Before opening an attachment or clicking on a link, verify the sender’s identity. If you receive an unexpected email from someone you know, contact them. But do it through a different channel to confirm they sent it. For emails from unknown senders, exercise extra caution.

Keep your email software updated

Software updates often include security patches that address vulnerabilities in your email client. Keep your email software updated. This ensures you have the latest protections against known threats.

Most email clients and operating systems offer automatic updates. Enable this feature. It ensures your software stays up to date without requiring manual intervention. Automatic updates reduce the risk of missing critical security patches.

Use encryption for sensitive emails

Encryption adds a layer of protection to your emails. It encodes the content, making it readable only by the intended recipient. This ensures that even intercepted email information remains secure.

If you’re sending encrypted emails, make sure the recipients know how to decrypt them. Provide clear instructions about how to access the encrypted content securely.

Watch your email activity

Regularly monitoring your email activity can help you detect suspicious behavior early. By keeping an eye on your account, you can take swift action if something seems off.

Many email providers offer activity alerts. They notify you of unusual login attempts or changes to your account settings. Enable these alerts to stay informed about your account’s security status.

Review your email account activity on a regular basis. This includes login history and devices connected to your account.

You’d Be Lost Without It, So Don’t Forget Email Security

Let’s talk about something super important: Email security. Yep, we know it might not sound like the most thrilling topic, but it’s a big deal. Businesses like yours face more cyber threats than ever.

We’ve seen our fair share of cyber attacks, and let us tell you, many of them start with a simple email (official figures say it’s a massive 90%!). Yep, that innocent-looking message in your inbox could be the gateway for cyber criminals to wreak havoc on your business.

So, why is keeping your business email secure so important? Well, for starters, it’s your first line of defense against cyber attacks. Think of it like locking the front door of your house to keep out intruders.

If your email is secure, you’re making it a whole lot harder for cyber criminals to sneak in and steal your sensitive data.

But implementing proper email security measures safeguards your valuable data from getting lost or falling into the wrong hands.

It’s not just cyber criminals you’re at risk from; an employee could accidentally leave a laptop on a train or in a coffee shop.

That could mean all your important business communications and documents were suddenly open for someone else to read. It would be a nightmare, right?

You might be thinking, “But I’m just a small business. Why would I be a target?” Ah, but here’s the thing – cyber criminals don’t discriminate based on business size.

In fact, small and medium-sized businesses are often seen as easier targets. That’s because they may not have the same level of security measures in place as larger corporations.

So, don’t think you’re off the hook just because you’re not a Fortune 500 company.

Now that we’ve established why email security is crucial, let’s talk about how you can ramp up your defenses.

First off, use strong, unique passwords for your email accounts. None of that “p@ssW0rd123” nonsense, please.

Better still, use a password manager to create and store uncrackable passwords.

Consider implementing two-factor authentication for an extra layer of security (where you generate a login code on another device to prove it’s you).

And don’t forget to keep your software and security patches up to date – those updates often contain important fixes for vulnerabilities that cyber criminals love to exploit.

Lastly, educate your employees about the importance of email security. They could be your strongest defense or your weakest link when it comes to keeping your business safe from cyber threats.

Teach them how to spot phishing emails (emails pretending to be from someone you trust) and what to do if they suspect something isn’t right.

Remember, a little prevention now can save you a huge headache, time, trouble (and money) later. If we can help with that, get in touch.

Google & Yahoo’s New DMARC Policy – Why Businesses Need Email Authentication

Have you been hearing more about email authentication lately? There is a reason for that. It’s the prevalence of phishing as a major security threat. Phishing continues as the main cause of data breaches and security incidents. This has been the case for many years.

A major shift in the email landscape is happening. The reason is to combat phishing scams. Email authentication is becoming a requirement for email service providers. It’s crucial to your online presence and communication to pay attention to this shift.

Google and Yahoo are two of the world’s largest email providers. They have implemented a new DMARC policy that took effect in February 2024. This policy essentially makes email authentication essential. It’s targeted at businesses sending emails through Gmail and Yahoo Mail.

But what’s DMARC, and why is it suddenly so important?

The email spoofing problem

Imagine receiving an email seemingly from your bank. It requests urgent action. You click a link, enter your details, and boom – your information is compromised. The common name for this is email spoofing.

It’s where scammers disguise their email addresses. They try to appear as legitimate individuals or organizations. Scammers spoof a business’s email address. Then they email customers and vendors pretending to be that business.

These deceptive tactics can have devastating consequences on companies. These include:

  • Financial losses
  • Reputational damage
  • Data breaches
  • Loss of future business

Unfortunately, email spoofing is a growing problem. It makes email authentication a critical defense measure.

What is email authentication?

Email authentication is a way of verifying that your email is legitimate. This includes verifying the server sending the email. It also includes reporting back unauthorized uses of a company domain.

Email authentication uses three key protocols, and each has a specific job:

  • SPF (Sender Policy Framework): Records the IP addresses authorized to send email for a domain.
  • DKIM (DomainKeys Identified Mail): Allows domain owners to digitally “sign” emails, verifying legitimacy.
  • DMARC (Domain-based Message Authentication, Reporting, and Conformance): Gives instructions to a receiving email server including, what to do with the results of an SPF and DKIM check. It also alerts domain owners that their domain is being spoofed.

SPF and DKIM are protective steps. DMARC provides information critical to security enforcement. It helps keep scammers from using your domain name in spoofing attempts.

Why Google & Yahoo’s new DMARC policy matters

Both Google and Yahoo have offered some level of spam filtering but didn’t strictly enforce DMARC policies.

Starting in February 2024, the new rule took place. Businesses sending over 5,000 emails daily must have DMARC implemented.

Both companies also have policies for those sending fewer emails. These relate to SPF and DKIM authentication.

Look for email authentication requirements to continue and be more strictly enforced. You need to pay attention to ensure the smooth delivery of your business email.

The benefits of implementing DMARC include:

  • Protects your brand reputation
  • Improves email deliverability
  • Provides valuable insights

Learn How To Fight Business Email Compromise

A significant cyber threat facing businesses today is Business Email Compromise (BEC). BEC attacks jumped 81% in 2022, and as many as 98% of employees fail to report the threat.

What is business email compromise (BEC)?

BEC is a type of scam in which criminals use email fraud to target victims. These victims include both businesses and individuals. They especially target those who perform wire transfer payments.

BEC attacks are usually well-crafted and sophisticated, making it difficult to identify them. The attacker first researches the target organization and its employees online. They gain knowledge about the company’s operations, suppliers, customers, and business partners.

The scammer pretends to be a high-level executive or business partner. Scammers send emails to employees, customers, or vendors.

These emails request them to make payments or transfer funds in some form.

The email will often contain a sense of urgency, compelling the recipient to act quickly. The attacker may also use social engineering tactics. Such as posing as a trusted contact or creating a fake website that mimics the company’s site. These tactics make the email seem more legitimate.

According to the FBI, BEC scams cost businesses about $2.4 billion in 2021.

These scams can cause severe financial damage to businesses and individuals. They can also harm their reputations.

How to fight business email compromise

BEC scams can be challenging to prevent. But there are measures businesses and individuals can take to cut the risk of falling victim to them.

  • Educate employees
  • Enable email authentication
  • Deploy a payment verification processes
  • Check financial transactions
  • Establish a response plan
  • Use anti-phishing software

Get ready for the unexpected

If your business suffers an email compromise or a ransomware attack tomorrow, do you have a contingency plan in case of any disasters? The unexpected can happen anytime, and small businesses can get hit particularly hard.

Here are ten helpful tips to get ready for anything:

  1. Create a contingency plan
  2. Maintain adequate insurance coverage
  3. Diversify your revenue streams
  4. Build strong relationships with suppliers
  5. Keep cash reserves
  6. Build strong outsourcing relationships
  7. Check your financials regularly
  8. Invest in technology
  9. Train employees for emergencies
  10. Stay up to date on regulatory requirements

The Rising Threat of BEC Attacks: Don’t Let Your Business Fall Victim

Business email compromise (BEC) attacks are becoming widespread and present a significant risk to businesses of all sizes.

These attacks involve hackers posing as trusted individuals or organizations via email to request sensitive information or financial transfers.

BEC attacks often target high-level employees, such as executives or financial managers, and can be highly sophisticated.

Attackers may go to great lengths to make their emails appear authentic, including using genuine email addresses and logos. In some cases, they may even gain access to an employee’s email account to send BEC emails to other employees or partners.

In BEC attacks, a common technique is the “man-in-the-middle” approach, where the attacker poses as a trusted third party, such as a supplier or vendor, and requests payment or sensitive information.

These attacks can be challenging to detect because the attacker may use genuine email addresses and logos to seem legitimate.

The attacker manipulates the victim into thinking they are communicating with a trusted party, which can lead to them divulging sensitive information or making financial transfers to the attacker.

To safeguard your business from BEC attacks, it is essential to implement strong email security measures and educate your employees on the signs of such an attack.
Two-factor authentication and monitoring for unusual activity can help protect your business.

Employees should also be aware of red flags, such as requests for sensitive information or financial transfers from unknown individuals or organizations, or requests to transfer money to unfamiliar bank accounts.

If you receive a suspicious email, do not click on any links or download any attachments.

Instead, verify the request through a separate, secure channel, such as a phone call to the sender using a number you know to be valid.

Business email compromise attacks are a rapidly growing threat to businesses of all sizes.

By taking proactive steps to secure your email communications and staying vigilant, you can help protect your business from costly and damaging BEC attacks.

Handle Your Email With Care (Even With A SPAM Filter)

Mark Funchion is a network technician at Tech Experts.

A lot of the communication we do today is by email. Naturally, that makes it a favorite avenue for malicious individuals to attack your system. A SPAM filter can help considerably, however nothing is 100% effective – and there is a fine line between “too aggressive” and “not aggressive enough.”

Turning up the aggressiveness of the filter may stop the bad mail while at the same time improperly labeling legitimate messages as SPAM. Even with a SPAM filter, you should handle your email with care.

Here are a few tips to potentially save you from opening a message or attachment that is nefarious in nature.

The first rule is “just don’t do it.” It is tempting to just click that link or open that attachment.

You may even do it without a second thought. Scam emails can be very sophisticated, and they will often look like they are real.

Before you do anything, take a moment and consider a few things. If you are sent an attachment from someone you don’t know, never open it. If the fishy attachment or email is from someone you do know but it was not expected, reach out the sender to make sure they actually sent it.

Next, don’t jump the gun on clicking links that are sent to you. Links are easy to manipulate; they can be made to look legitimate, but they’ll actually take you to a different site or start downloading a program or virus.

With links, there are two things you can do.

First, you can open a browser and go directly to the site to bypass all links. This is the safest option, especially when you get an “urgent alert” about your account that “requires immediate action.”

If you can’t go to the page directly through the website, you can hover your cursor over the link. A box will pop up previewing the destination you’re actually being sent to.

If a link looks strange and doesn’t match the company website, don’t click on it. Also, look closely at the link as it may look just like a real one at first glance. Unless you are 100% sure the link is legitimate, do not click on it.

Another giveaway is that the message is poorly written with a lot of grammatical errors. If the message sounds like whoever wrote it doesn’t use English as their first language (and it is not from a foreign company you do business with), delete the message. Do not open or click on anything in the message.

The last point is that it’s usually not a good idea to unsubscribe from scam emails.

This may seem counterintuitive, but when you unsubscribe, you usually put your email address in to confirm you no longer want these messages.

Unfortunately, that lets the scammer know your email address is active. They will continue to send emails to this account or may sell it off as an active email.

Rather than unsubscribe from the email, block the sender. They will not know your email is active, and if they do send another message to you, it will not be received.

SPAM filters are great and they are essential. Still, remember that they are not 100% effective. Even with protection in place, it is wise to proceed with caution.

Take a moment to look for signs that the message is not from who it seems. These few seconds can save you a lot of time and money by avoiding disaster.

Go Phish: Keeping An Eye On Your Email

Brian Bronikowski is a field service technician for Tech Experts.
Email phishing scams are nothing new in the IT world. There are always new messages coming through that seem more and more realistic. When you add this to your messages from princes, lottery winners, and investment requests, your inbox can grow rapidly.

There are a few ideas that phishing scams use, but there are also ways to look out for them.

There are a few different types of phishing on the Internet. Some will focus specifically on an organization or group.

Others are more generic. Some will take an idea that could apply to those with a certain attribute of family or business life. There are even attempts that pinpoint the “higher ups” in certain organizations and businesses.

So what are ways to notice these scams? A largely common way to decipher what’s real and what is not is the sense of urgency that these messages will have.

They require important personal information as quick as possible. This urgency is used to put your caution aside so you don’t lose out on whatever they are threatening.

These will also be very broad so it seems you’re not the only one receiving this message – and of course, you aren’t.

Either way if someone states they are deleting your emails, suing for some unknown offense, or offering part in a larger grouping of people, it’s likely that you need to take a minute and think about what’s really going on.

Another easy method that cannot be stated enough is the amount of spelling and grammatical errors.

Professional emails are generally well-groomed and checked over by the sender. Phishing scams, however, seem to have a commonality in that they never seem to read properly. These will have easily noticeable spelling errors.

You can also notice that sentence structure is off and it is very broken in general. While people can make spelling mistakes and others may not be the best proofreaders, there is always a need to be on the lookout for errors. In the scenarios where a business or group is targeted, there may be a few other steps to take.

Emails may be sent that were not expected by the receiver. Perhaps it is an event you did not hear about beforehand. Other times, and commonly as of late, there will be a document that the receiver was allegedly “expecting.”

Other times, they will use the tactics mentioned previously such as the urgency or broadness. While none of these are good to open, it is especially dangerous to open any attachments that are in the spam messages.

These can lead to ransomware and cryptoware infections that cost a lot more than the annoyance of seeing the messages.

Luckily, for all of these issues, there are ways to prevent the messages as a whole. Most large email providers will have some level of protection.

The messages will instead be directed towards your junk folder in hopes you won’t accidentally click on them.

For those that use hosted services, providers are likely taking further steps to prevent these messages. Tech Experts is one of these providers; we are able to host email and protect against a large majority of these threats.

Regardless of what you use for email services, it is always important to keep in mind what’s real and what’s too good to be true.

Keeping that in mind can be the deciding factor between infections, data loss, or identity theft.

The Three Scariest Threats To Small Business Networks

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

While spam, pop-ups, and hackers are a real threat to any small business network, there are three security measures that you should be focusing on first before you do anything else.

Worry About E-mail Attachments, Not Spam
Sure, spam is annoying and wastes your time, but the real danger with spam is in the attachments.

Viruses and worms are malicious programs that are spread primarily through cleverly disguised attachments to messages that trick you (or your employees) into opening them.

Another huge threat is phishing e-mails that trick the user by appearing to be legitimate e-mails from your bank, eBay, or other financial accounts.

Here are three things you must have in place to avoid this nightmare: [Read more…] about The Three Scariest Threats To Small Business Networks

Avoid These Five Email Annoyances

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Email is a primary form of communication in the business world because it allows people to work within their own schedules and time-management styles.

With its ease of use, however, we may be sending more messages than necessary, contributing to a general email overload that can mask which items are most important.

Here are some common pet peeves in regards to this lightning-fast communication that may help you refine your email practices:

Sending/Responding to All
Before you send a mass email to all of your contacts or reply to all on an email, ask yourself if each of those people really have a need to know the information within your message.

While this may cover all bases, it is disrespectful to the recipients of your message that aren’t an essential part of the conversation by wasting their time and clogging their inbox. [Read more…] about Avoid These Five Email Annoyances