TechTidBit – Tips and advice for small business computing – Tech Experts™ – Monroe Michigan

Brought to you by Tech Experts™

email

Protect Your Business From Email Fraud With DMARC

March 18, 2025

Email is the backbone of modern business, but it’s also one of the easiest ways for cybercriminals to attack.

If you’ve ever received a fake email that looks like it came from a trusted company, you know how convincing these scams can be. Worse, what if scammers used your business’s email to trick your customers?

That’s exactly what happens with email spoofing—when hackers send emails pretending to be from your domain to steal information, spread malware, or commit fraud. The result? Lost trust, damaged reputation, and even financial losses.

Fortunately, there’s a solution: DMARC (Domain-based Message Authentication, Reporting, and Conformance).

What is DMARC?

DMARC is a security standard that protects your business from email spoofing and phishing attacks. It ensures that emails sent from your domain are legitimate and blocks fraudulent emails before they reach customers, vendors, or employees.

Think of it like a security checkpoint for your email. Only verified messages get through, while fake ones get stopped.

Why your business needs DMARC

Many business owners believe email fraud is only a problem for large corporations. But in reality, small and mid-sized businesses are prime targets because they often lack strong security measures.

Without DMARC:

  • Your emails could be marked as spam – Clients and vendors may never see important messages like invoices or proposals.
  • Scammers can impersonate your company – Fraudsters can send emails pretending to be from your business, putting your reputation at risk.
  • You could face compliance and legal issues – Industries like finance, healthcare, and retail are tightening cybersecurity requirements, and failing to secure your email could lead to penalties.

With DMARC, you can:

  • Prevent email fraud and phishing attacks – Keep criminals from impersonating your business.
  • Ensure your emails get delivered – No more important messages going to spam.
  • Protect your reputation – Customers and partners will trust that emails from your domain are legitimate.
  • Stay ahead of security compliance – Meet industry regulations and avoid costly fines.

Why DIY isn’t the best option

Implementing DMARC is not as simple as flipping a switch. If done incorrectly, it could accidentally block legitimate emails from reaching their destination.

It requires careful setup, monitoring, and ongoing adjustments to ensure your emails are secure but still get delivered. This is where Tech Experts comes in.

How Tech Experts can help

At Tech Experts, we specialize in setting up and managing DMARC policies to keep your business protected without disrupting your communication. Our process includes:

  • Proper setup – We configure DMARC correctly to secure your domain while ensuring your real emails don’t get blocked.
  • Ongoing monitoring – We track and analyze email activity, making adjustments as needed.
  • Compliance & best practices – We ensure your business stays in line with security regulations and industry standards.
  • Peace of mind – You can focus on running your business while we handle the technical details.

Don’t wait until it’s too late

Cybercriminals are getting smarter, and email-based scams are on the rise. Don’t wait for a phishing attack to damage your business. Protect your email, your reputation, and your customers with DMARC.

Ready to secure your business email?

Tech Experts can help. Contact us today at (734) 457-5000, or email us at info@mytechexperts.com, to set up your DMARC protection and keep scammers out of your inbox.

Six Simple Steps to Enhance Your Email Security

November 18, 2024

Email is a fundamental communication tool for businesses and individuals alike. But it’s also a prime target for cybercriminals. Cyberattacks are increasing in sophistication. This means enhancing your email security has never been more critical.

By taking proactive measures, you can protect your sensitive information, prevent unauthorized access, and maintain communication integrity. Here are six simple steps to enhance your email security.

Use strong, unique passwords

Passwords are the first line of defense for your email accounts. A weak password is like an open invitation for cybercriminals. To enhance your email security, use strong, unique passwords that are difficult to guess.

Consider using a password manager. Remembering several complex passwords can be challenging. A password manager can help you generate and store unique passwords for all accounts. With a password manager, you only need to remember one master password. This simplifies the process while enhancing security.

Enable two-factor authentication (2FA)

Two-factor authentication (2FA) adds an extra layer of security to your email accounts. Even if someone gets hold of your password, they won’t be able to access your account. They would need the second factor of authentication to do that.

Enable 2FA for all your email accounts. Most email providers offer this feature and setting it up usually takes just a few minutes. This simple step significantly improves your email security.

Be cautious with email attachments and links

Email attachments and links are common vectors for malware and phishing attacks. Clicking on a malicious link or attachment can give attackers access to your system. Exercise caution to protect your email security.

Before opening an attachment or clicking on a link, verify the sender’s identity. If you receive an unexpected email from someone you know, contact them through a different channel to confirm they sent it. For emails from unknown senders, exercise extra caution.

Keep your email software updated

Software updates often include security patches that address vulnerabilities in your email client. Keep your email software updated. This ensures you have the latest protections against known threats.

Most email clients and operating systems offer automatic updates. Enable this feature. It ensures your software stays up to date without requiring manual intervention. Automatic updates reduce the risk of missing critical security patches.

Use encryption for sensitive emails

Encryption adds a layer of protection to your emails. It encodes the content, making it readable only by the intended recipient. This ensures that even intercepted email information remains secure.

If you’re sending encrypted emails, make sure the recipients know how to decrypt them. Provide clear instructions about how to access the encrypted content securely.

Watch your email activity

Regularly monitoring your email activity can help you detect suspicious behavior early. By keeping an eye on your account, you can take swift action if something seems off.

Many email providers offer activity alerts. They notify you of unusual login attempts or changes to your account settings. Enable these alerts to stay informed about your account’s security status.

Review your email account activity on a regular basis. This includes login history and devices connected to your account.

You’d Be Lost Without It, So Don’t Forget Email Security

May 13, 2024

Let’s talk about something super important: Email security. Yep, we know it might not sound like the most thrilling topic, but it’s a big deal. Businesses like yours face more cyber threats than ever.

We’ve seen our fair share of cyber attacks, and let us tell you, many of them start with a simple email (official figures say it’s a massive 90%!). Yep, that innocent-looking message in your inbox could be the gateway for cyber criminals to wreak havoc on your business.

So, why is keeping your business email secure so important? Well, for starters, it’s your first line of defense against cyber attacks. Think of it like locking the front door of your house to keep out intruders.

If your email is secure, you’re making it a whole lot harder for cyber criminals to sneak in and steal your sensitive data.

Implementing proper email security measures also safeguards your valuable data from getting lost or falling into the wrong hands.

It’s not just cyber criminals you’re at risk from; an employee could accidentally leave a laptop on a train or in a coffee shop.

That could mean all your important business communications and documents were suddenly open for someone else to read. It would be a nightmare, right?

You might be thinking, “But I’m just a small business. Why would I be a target?” Ah, but here’s the thing – cyber criminals don’t discriminate based on business size.

In fact, small and medium-sized businesses are often seen as easier targets. That’s because they may not have the same level of security measures in place as larger corporations.

So, don’t think you’re off the hook just because you’re not a Fortune 500 company.

Now that we’ve established why email security is crucial, let’s talk about how you can ramp up your defenses.

First off, use strong, unique passwords for your email accounts. None of that “p@ssW0rd123” nonsense, please.

Better still, use a password manager to create and store uncrackable passwords.

Consider implementing two-factor authentication for an extra layer of security (where you generate a login code on another device to prove it’s you).

And don’t forget to keep your software and security patches up to date – those updates often contain important fixes for vulnerabilities that cyber criminals love to exploit.

Lastly, educate your employees about the importance of email security. They could be your strongest defense or your weakest link when it comes to keeping your business safe from cyber threats.

Teach them how to spot phishing emails (emails pretending to be from someone you trust) and what to do if they suspect something isn’t right.

Remember, a little prevention now can save you a huge headache, time, trouble (and money) later. If we can help with that, get in touch.

Google & Yahoo’s New DMARC Policy – Why Businesses Need Email Authentication

May 13, 2024

Have you been hearing more about email authentication lately? There is a reason for that. It’s the prevalence of phishing as a major security threat. Phishing continues as the main cause of data breaches and security incidents. This has been the case for many years.

A major shift in the email landscape is happening. The reason is to combat phishing scams. Email authentication is becoming a requirement for email service providers. It’s crucial to your online presence and communication to pay attention to this shift.

Google and Yahoo are two of the world’s largest email providers. They have implemented a new DMARC policy that took effect in February 2024. This policy effectively makes email authentication a necessity. It’s targeted at businesses sending emails through Gmail and Yahoo Mail.

But what’s DMARC, and why is it suddenly so important?

The email spoofing problem

Imagine receiving an email seemingly from your bank. It requests urgent action. You click a link, enter your details, and boom – your information is compromised. The common name for this is email spoofing.

It’s where scammers disguise their email addresses. They try to appear as legitimate individuals or organizations. Scammers spoof a business’s email address. Then they email customers and vendors pretending to be that business.

These deceptive tactics can have devastating consequences on companies. These include:

  • Financial losses
  • Reputational damage
  • Data breaches
  • Loss of future business

Unfortunately, email spoofing is a growing problem. It makes email authentication a critical defense measure.

What is email authentication?

Email authentication is a way of verifying that your email is legitimate. This includes verifying the server sending the email. It also includes reporting back unauthorized uses of a company domain.

Email authentication uses three key protocols, and each has a specific job:

  • SPF (Sender Policy Framework): Records the IP addresses authorized to send email for a domain.
  • DKIM (DomainKeys Identified Mail): Allows domain owners to digitally “sign” emails, verifying legitimacy.
  • DMARC (Domain-based Message Authentication, Reporting, and Conformance): Gives instructions to a receiving email server, including what to do with the results of an SPF and DKIM check. It also alerts domain owners that their domain is being spoofed.

SPF and DKIM are protective steps. DMARC provides information critical to security enforcement. It helps keep scammers from using your domain name in spoofing attempts.
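As an added illustration (not code from the original article), this Python sketch shows how a receiving server combines SPF and DKIM results under a domain's DMARC policy. The domains are reserved example names, the records and messages are constructed, and the organizational-domain lookup is simplified to the last two labels of the name.

```python
"""How a receiving server applies DMARC to SPF and DKIM results (simplified)."""
from dataclasses import dataclass


def parse_dmarc(txt: str) -> dict:
    """Split a DMARC TXT record such as "v=DMARC1; p=reject" into its tags."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    tags["p"] = tags.get("p", "").lower()
    if tags["p"] not in ("none", "quarantine", "reject"):
        raise ValueError("missing or invalid p= tag")
    return tags


def org_domain(domain: str) -> str:
    """Simplification: last two labels. Real receivers use the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Strict mode ("s") needs an exact match; relaxed ("r") the same organization."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


@dataclass
class Message:
    from_domain: str   # domain in the From: header the reader sees
    spf_result: str    # SPF verdict for the envelope sender ("pass", "fail", ...)
    spf_domain: str    # envelope (MAIL FROM) domain that SPF was checked against
    dkim_result: str   # DKIM signature verdict ("pass", "fail", "none")
    dkim_domain: str   # d= domain of the DKIM signature, "" if unsigned


def evaluate(msg: Message, record_txt: str) -> tuple:
    """Return (dmarc_result, action). The pct= and sp= tags are ignored here."""
    tags = parse_dmarc(record_txt)
    spf_ok = msg.spf_result == "pass" and aligned(
        msg.spf_domain, msg.from_domain, tags.get("aspf", "r"))
    dkim_ok = msg.dkim_result == "pass" and aligned(
        msg.dkim_domain, msg.from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return ("pass", "deliver")
    # On failure the domain owner's policy decides; "none" means deliver but report
    actions = {"none": "deliver", "quarantine": "spam folder", "reject": "reject"}
    return ("fail", actions[tags["p"]])


# Constructed sample data (reserved example domains, not real traffic)
RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"
MONITOR = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"

own_server = Message("example.com", "pass", "mail.example.com", "pass", "example.com")
# Spoofed From: header. SPF passes, but only for an unrelated envelope domain.
spoofed = Message("example.com", "pass", "bulk-sender.test", "none", "")
# Legitimate newsletter vendor that was never set up to sign as example.com
vendor = Message("example.com", "pass", "vendor-mail.example.net", "pass", "example.net")

if __name__ == "__main__":
    for name, msg in [("own server", own_server), ("spoofed", spoofed), ("vendor", vendor)]:
        print(f"{name:10} p=reject: {evaluate(msg, RECORD)}  p=none: {evaluate(msg, MONITOR)}")
```

The vendor case fails exactly like the spoofed one, which is how a strict policy applied too early blocks legitimate mail. Under `p=none` the same message is still delivered and only shows up in the reports.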

Why Google & Yahoo’s new DMARC policy matters

Both Google and Yahoo previously offered some level of spam filtering but didn’t strictly enforce DMARC policies.

The new rule took effect in February 2024. Businesses sending over 5,000 emails daily must have DMARC implemented.

Both companies also have policies for those sending fewer emails. These relate to SPF and DKIM authentication.

Look for email authentication requirements to continue and be more strictly enforced. You need to pay attention to ensure the smooth delivery of your business email.

The benefits of implementing DMARC include:

  • Protects your brand reputation
  • Improves email deliverability
  • Provides valuable insights

Learn How To Fight Business Email Compromise

July 5, 2023

A significant cyber threat facing businesses today is Business Email Compromise (BEC). BEC attacks jumped 81% in 2022, and as many as 98% of employees fail to report the threat.

What is business email compromise (BEC)?

BEC is a type of scam in which criminals use email fraud to target victims. These victims include both businesses and individuals. They especially target those who perform wire transfer payments.

BEC attacks are usually well-crafted and sophisticated, making it difficult to identify them. The attacker first researches the target organization and its employees online. They gain knowledge about the company’s operations, suppliers, customers, and business partners.

The scammer pretends to be a high-level executive or business partner. Scammers send emails to employees, customers, or vendors.

These emails request them to make payments or transfer funds in some form.

The email will often contain a sense of urgency, compelling the recipient to act quickly. The attacker may also use social engineering tactics, such as posing as a trusted contact or creating a fake website that mimics the company’s site. These tactics make the email seem more legitimate.

According to the FBI, BEC scams cost businesses about $2.4 billion in 2021.

These scams can cause severe financial damage to businesses and individuals. They can also harm their reputations.

How to fight business email compromise

BEC scams can be challenging to prevent. But there are measures businesses and individuals can take to cut the risk of falling victim to them.

  • Educate employees
  • Enable email authentication
  • Deploy a payment verification process
  • Check financial transactions
  • Establish a response plan
  • Use anti-phishing software

Get ready for the unexpected

If your business suffers an email compromise or a ransomware attack tomorrow, do you have a contingency plan in case of any disasters? The unexpected can happen anytime, and small businesses can get hit particularly hard.

Here are ten helpful tips to get ready for anything:

  1. Create a contingency plan
  2. Maintain adequate insurance coverage
  3. Diversify your revenue streams
  4. Build strong relationships with suppliers
  5. Keep cash reserves
  6. Build strong outsourcing relationships
  7. Check your financials regularly
  8. Invest in technology
  9. Train employees for emergencies
  10. Stay up to date on regulatory requirements

Business Email Compromise (BEC) And Phishing Are Dangerous For Small Businesses

January 31, 2023

Business email compromise (BEC) and phishing are two of the most common and damaging cyber threats facing businesses today. BEC involves the fraudulent use of email to impersonate a legitimate business or individual in order to gain access to sensitive information or financial resources.

Phishing, on the other hand, is a type of cybercrime that involves the use of fraudulent emails or websites to trick individuals into revealing sensitive information, such as login credentials or financial information.

BEC attacks often target employees with access to sensitive financial information or those who have the authority to make wire transfers or other financial transactions.

The attackers use sophisticated social engineering tactics to trick the employee into revealing login credentials or other sensitive information, or to convince them to make a financial transaction on behalf of the company. In some cases, the attackers may even impersonate a high-level executive or vendor in order to gain the trust and cooperation of the employee.

One of the most common tactics used in BEC attacks is the “man-in-the-middle” attack, where the attacker intercepts legitimate emails and alters them to redirect payments or other financial transactions to their own account.

Other tactics include the use of fake invoices, purchase orders, or other financial documents to trick employees into making payments to the attacker.

Phishing attacks, on the other hand, generally aim to trick individuals into revealing sensitive information or clicking on malicious links. These attacks often take the form of fake emails purporting to be from legitimate organizations, such as banks or government agencies, and may contain links to fake login pages or download malicious software onto the victim’s computer.

To protect against BEC and phishing attacks, it’s important for businesses to implement strong security measures and to educate their employees on how to spot and avoid these threats. Some best practices for protecting against BEC and phishing attacks include:

  • Implementing strong email security measures, such as spam filters and email authentication protocols, to help identify and block fraudulent emails.
  • Training employees on how to spot and avoid phishing and BEC attacks, including teaching them to be wary of unsolicited emails and to verify the authenticity of any emails requesting sensitive information or financial transactions.
  • Establishing strong passwords and using two-factor authentication to protect login credentials and other sensitive information.
  • Setting up monitoring systems to detect and alert on unusual or suspicious activity, such as unexpected wire transfers or login attempts.
  • Regularly updating software and security protocols to ensure that the latest security measures are in place.

In addition to these measures, it’s important for businesses to have a plan in place for responding to a BEC or phishing attack. This should include:

  • Establishing a clear chain of command for reporting and responding to suspicious activity.
  • Designating a team to investigate and respond to potential attacks.
  • Having a process in place for assessing and mitigating the damage caused by an attack.
  • Reviewing and updating security protocols on an ongoing basis to ensure that they are effective in protecting against these threats.

Overall, BEC and phishing attacks are a serious threat to businesses of all sizes. By implementing strong security measures and educating employees on how to identify and avoid these threats, businesses can protect themselves and their customers from these damaging cyber attacks.

The SLAM Method Can Improve Phishing Detection

August 31, 2022

Why has phishing remained such a large threat for so long? Because it continues to work. Scammers evolve their methods as technology progresses, employing AI-based tactics to make targeted phishing more efficient.

If phishing didn’t continue returning benefits, then scammers would move on to another type of attack. But that hasn’t been the case. People continue to get tricked.

In May of 2021, phishing attacks increased by 281%. Then in June, they spiked another 284% higher.

Studies show that as soon as 6 months after a person has been trained on phishing identification, their detection skills can begin waning as they forget things.

Give employees a “hook” they can use for memory retention by introducing the SLAM method of phishing identification.

What is the SLAM Method for Phishing Identification?

One of the mnemonic devices known to help people remember information they are taught is the use of an acronym. SLAM is an acronym for four key areas of an email message that should be checked before trusting it. These are:

S = Sender
L = Links
A = Attachments
M = Message text

By giving people the term “SLAM” to remember, it’s quicker for them to do a check on any suspicious or unexpected email without missing something important.

All they need to do is run down the cues in the acronym.

S = Check the Sender

It’s important to check the sender of an email thoroughly. Often scammers will either spoof an email address or use a look-alike address that people easily mistake for the real thing.

You can double-click on the sender’s name to ensure the email address is legitimate.

L = Hover Over Links Without Clicking

Hyperlinks are popular to use in emails because they can often get past antivirus/anti-malware filters.

You should always hover over links without clicking on them to reveal the true URL. This can often expose a fake email immediately, because the link points to a strangely named or misspelled website.

A = Never Open Unexpected or Strange File Attachments

Never open strange or unexpected file attachments, and make sure all attachments are scanned by an antivirus/anti-malware application before opening.

M = Read the Message Carefully

If you rush through a phishing email, you can easily miss some telltale signs that it’s a fake, such as spelling or grammatical errors.

Look for words or phrases not normally used by the person who’s emailing you. Words like “kindly” and “revert” are telltale clues that the email comes from someone who’s not your normal sender.

Also, be on the lookout for pressure to act quickly or unexpected banking change requests. While it happens, it is rare for a company to change banks without months of advance notice.
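The four SLAM checks can also be run automatically as a first pass. The Python sketch below is an added example, not part of the original article: the trusted domain, the extension and wording lists, and both sample messages are constructed assumptions, and the look-alike test is a plain edit-distance comparison.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"acme-supplies.example"}   # assumption: your known contacts
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".iso", ".docm", ".xlsm")
PRESSURE_WORDS = ("kindly", "revert", "urgent", "immediately", "bank details")
URLISH = re.compile(r"^(?:https?://)?([\w-]+(?:\.[\w-]+)+)(?:[/:?#]\S*)?$", re.I)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one- or two-character look-alikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def base_domain(host: str) -> str:
    """Simplification: keep the last two labels of the host name."""
    return ".".join(host.lower().split(".")[-2:])

def imitates(domain: str):
    """Return the trusted domain that `domain` closely resembles, else None."""
    for good in TRUSTED_DOMAINS:
        if domain != good and edit_distance(domain, good) <= 2:
            return good
    return None

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs, i.e. what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def slam_check(msg: EmailMessage) -> list:
    """Return findings prefixed S, L, A or M; an empty list means no cue fired."""
    findings = []
    sender = base_domain(parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2])
    if imitates(sender):
        findings.append(f"S: sender domain {sender} resembles {imitates(sender)}")
    for part in msg.walk():
        name = part.get_filename()
        if name:
            if name.lower().endswith(RISKY_EXTENSIONS):
                findings.append(f"A: risky attachment type: {name}")
        elif part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            for href, text in collector.links:
                target = base_domain(urlparse(href).hostname or "")
                shown = URLISH.match(text)
                if shown and base_domain(shown.group(1)) != target:
                    findings.append(f"L: text shows {shown.group(1)}, link goes to {target}")
        elif part.get_content_type() == "text/plain":
            hits = [w for w in PRESSURE_WORDS if w in part.get_content().lower()]
            if hits:
                findings.append("M: wording to double-check: " + ", ".join(hits))
    return findings

def build(sender, text, html=None, attachment="invoice.pdf") -> EmailMessage:
    """Build a constructed sample message (not a real email)."""
    msg = EmailMessage()
    msg["From"], msg["Subject"] = sender, "Invoice"
    msg.set_content(text)
    if html:
        msg.add_alternative(html, subtype="html")
    msg.add_attachment(b"constructed", maintype="application",
                       subtype="octet-stream", filename=attachment)
    return msg

SUSPICIOUS = build('"Acme Billing" <billing@acrne-supplies.example>',
                   "Kindly note our bank details have changed. Please pay immediately.",
                   '<p>Pay here: <a href="https://login.acrne-supplies.example/pay">'
                   "https://acme-supplies.example/pay</a></p>", "invoice.pdf.exe")
CLEAN = build("Acme Billing <billing@acme-supplies.example>",
              "Thanks for your order. The invoice is attached.")
```

A finding is a prompt to verify through another channel, not a verdict; an empty list does not prove a message is safe.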

Get Help Combatting Phishing Attacks

Both awareness training and security software can improve your defenses against phishing attacks. Contact us today to discuss your email security needs.

Watch Out For Reply-chain Phishing Attacks

August 31, 2022

Phishing. It seems you can’t read an article on cybersecurity without it coming up. That’s because phishing is still the number one delivery vehicle for cyberattacks.

80% of surveyed security professionals say that phishing campaigns have significantly increased post-pandemic.

Phishing not only continues to work, but it’s also increasing in volume due to the move to remote teams.

Many employees are now working from home. They don’t have the same network protections they had when working at the office.

One of the newest tactics is particularly hard to detect. It is the reply-chain phishing attack.

What is a Reply-Chain Phishing Attack?

You don’t expect a phishing email tucked inside an ongoing email conversation between colleagues.

Most people are expecting phishing to come in as a new message, not a message included in an existing reply chain.

The reply-chain phishing attack is particularly insidious because it does exactly that. It inserts a convincing phishing email in the ongoing thread of an email reply chain.

How does a hacker gain access to the reply chain conversation? By hacking the email account of one of those people copied on the email chain. Often, the target isn’t even aware.

The hacker can email from an email address that the other recipients recognize and trust. The attacker also gains the benefit of reading down through the chain of replies. This enables them to craft a response that looks like it fits.

They may see that everyone has been weighing in on a new idea for a product called Superbug. So, they send a reply that says, “I’ve drafted up some thoughts on the new Superbug product, here’s a link to see them.”

The reply won’t seem like a phishing email at all. It will be convincing because:

  1. It comes from an email address of a colleague. This address has already been participating in the email conversation.
  2. It may sound natural and reference items in the discussion.
  3. It may use personalization. The email can call others by the names the hacker has seen in the reply chain.

Business Email Compromise is Increasing

Business email compromise (BEC) is so common that it now has its own acronym. Weak and unsecured passwords lead to email breaches. So do data breaches that reveal databases full of user logins.

Tips for Addressing Reply-Chain Phishing

Here are some ways that you can lessen the risk of reply-chain phishing in your organization:

  • Use a business password manager
  • Put multi-factor controls on email accounts
  • Teach employees to be aware

Human Error: The Reason Why Cybercriminals Love Email

June 22, 2021

Mark Funchion is a network technician at Tech Experts.

Defending your data network against viruses, malware, ransomware, and other threats is a never-ending battle. Some attacks can be very sophisticated, using extremely complex techniques to try and exploit even the most secure networks. However, the vast majority of threats to your network – over 80% – are delivered through a very basic method: email.

Email is a common tool that many of us use constantly at work. Oftentimes, we use it without giving much thought to what we’re doing or what we’re opening.

It’s normal for co-workers, clients, or new prospects to communicate and share files with us via email. The file can be a document, spreadsheet, PDF, etc., but the fact is that it’s common and repetitive to us.

Like anything we do frequently, we can develop muscle memory. Think about the program guide on your TV – you probably navigate the menus without thinking. After an update or a provider switch, those menus can change and you might click the wrong buttons out of habit. No harm there.

But consider making the same mistake when a document is sent to you. The message arrives, and you briefly glance at who it’s from. Maybe you recognize them, maybe you don’t. You see an attachment, and you open it out of habit. The file is infected, and in less than a second, the damage has begun.

Like it or not, the people who are attacking your systems are running a business. Like any business, they are concerned with the return on their investment. Developing high-end, sophisticated attacks takes time and skill, which is expensive to do.

However, minimal skill is required to send an email – and that process can be replicated to hundreds of thousands of users with a simple click of a button. And almost everyone working today might accidentally open an email with little to no thought.

For small businesses, having a firewall, an email filter, and anti-virus software is a must. We can help install and maintain that infrastructure. Unfortunately, the methods that attackers use to slip under your defenses are always changing.

It is important that you and your staff – the end users who do the clicking – still do your part and remain vigilant. Attackers send such a high percentage of attacks through email because of that human element. It works.

It’s essential that you fight your muscle memory and treat email like physical mail. Look at what is being sent, who it is from, and if there is anything attached. If anything seems off, do not open it. Always err on the side of caution.

Also, if you do open something you shouldn’t, it’s better to notify your IT department or provider of a potential issue so they can look at what you were sent.

Often, I have observed someone get a suspicious message, open it, notice something is not right, then forward it to a co-worker for help. By sending the message on, there is a potential to increase the scope of damage done.

Those looking to do harm and steal information will always try the path of least resistance. All the security in the world can’t stop an intruder if you open the door for them.

The same caution you take at home when an unexpected knock is heard should be how you handle all email. Consider the source and content, and if you have doubts, don’t open the message. Delete it.

Malware will never be fully eradicated – cybercriminals will make sure of that – but you can do your part to make sure you do not infect your PC or business.

Copyright © 2025 Tech Experts™ · Tech Experts™ is a registered trademark of Tech Support Inc.