Phishing-as-a-Service (PhaaS) is a fast-growing phenomenon in the cyberthreats world, getting armed with tools that make it more and more prosperous.
It has opened up the online fraud market to the masses, to the point that phishing attempts have become a daily plague.
Find in this new “5 minutes to understand” document, available for download on the Nameshield’s website, how phishing is now sold in ready-to-use kit and how to protect against it.
The International Cybersecurity Forum, has become in its 15 years of existence, the largest cybersecurity and digital trust event in Europe, with 19,000 participants, 550 private and public sponsors, 520 speakers and 60 countries represented. With the support of the Canadian and French authorities, the event is crossing the Atlantic and will take place in Montreal, Canada, on November the 1st and 2nd, for its first North American edition.
The FIC North America aims to bring together the cybersecurity and digital trust communities on both sides of the Atlantic to discuss the major challenges our digital societies are facing.
Meet us at the event.
Meet our experts and discover our global solutions that answer to the requirements of DNS security and the need to monitor, protect and defend your brands online.
For more information and to register, please visit the event’s website: https://america.forum-fic.com/
Important: information relating to the situation in Russia, Belarus and Ukraine.
In response to the evolving geopolitical situation in Ukraine, many SSL certification authorities are suspending the issuance and reissuance of all types of certificates affiliated with Russia and Belarus.
This includes suspending issuance and reissuance of certificates to TLDs related to Russia and Belarus, including .ru, .su, .by, .рф, as well as to organizations with addresses in Russia or Belarus. We will keep you informed as soon as the situation returns to normal.
Also, we observe a significant increase in phishing attacks. We advise you to be extra vigilant, especially when it comes to new domain name registrations using your trademarks.
Nameshield remains of course at your disposal to accompany and advise you in this complex context.
BIMI (Brand Indicators for Message Identification) allows you to authenticate your emails and reinforce the trust of your customers by displaying your logo in their inbox. VMC (Verified Mark Certificate) is a certificate associated with BIMI, which ensures the authenticity of the logo displayed.
BIMI is an industry initiative aimed at standardizing the use and display of brand logos in email clients. By placing a brand or company logo next to an email, it is more easily identifiable by customers and users, builds a sense of legitimacy and trust, significantly impacts open rates, and increases consumer protection against fraudulent emails.
Technically speaking, BIMI is an emerging security technology that works alongside DKIM, SPF and DMARC protocols to protect your domain name from being used by malicious actors to send fraudulent emails.
Before BIMI, the steps to get your logo next to an email were specific to each email service your message was sent to. Sometimes the process was entirely manual or relied on other applications to aggregate your brand information and share it across participating platforms.
The AuthIndicators group, which includes email service providers such as Google, Verizon Media, IONOS by 1&1 and Fastmail, is working to implement BIMI in the most common email clients. Many players have already adopted BIMI, others are in the process, Microsoft’s and Apple’s positions are expected to drive final adoption of the standard.
To complete the arsenal of a brand’s protection on the Internet, more specifically against hijacking attempts through fraudulent spoofing emails whose goal is to deceive the user and lead them to phishing sites.
306 billion emails circulated worldwide in 2020, with an ever-increasing proportion of fraudulent emails hijacking brands.
To increase the desirability of emails, particularly in marketing campaigns. The implementation of BIMI and more widely of security protocols and certificates on the domain name associated with a brand is essential today and has a major impact on online reputation.
Because it is becoming a market standard, easy to implement unlike the number of existing anti-fraud email solutions that are often difficult to test and implement.
BIMI uses a process of several steps to validate emails by ensuring that they are actually associated with the sender’s domain name. Senders must add a TXT DNS record dedicated to BIMI.
For BIMI to work, domain names must also have several other fraud protections, including:
When emails are sent using BIMI, the receiving mail server will first do the standard DMARC/DKIM authentication and SPF validation. If the email passes these checks, the mail server will verify that it has a valid BIMI record and display the brand logo.
The first step towards using BIMI to display a logo is to implement DMARC. This is stored as a DNS record of TXT type on the domain name. For DMARC to work with BIMI, the reject policy in this record must be p=quarantine or p=reject for all emails sent from your domain.
BIMI requires DMARC… and DMARC requires your domain name to have DKIM records to work. While DMARC only requires SPF or DKIM to work, it is best to include SPF records for more security when using BIMI. These 2 security tools are also stored as TXT DNS records in the domain name zone.
A Verified Mark Certificate is a digital certificate that authenticates the ownership of a logo, and completes the use of BIMI in email clients such as Gmail.
The VMC certificate guarantees the authenticity of the logo displayed, which is necessarily owned by the domain name holder sending the email. It is the last link in the chain to guarantee the authenticity of the email received.
When you send an email to a contact, the receiving mail server that manages their inbox will take the URL of the tag that indicates where the logo should be displayed. It will then check the VMC certificate to ensure that the correct logo is used. Once the logo is verified by the VMC, BIMI will display it next to the email in the inbox.
To obtain a VMC certificate, the implementation of DMARC on the domain name is a prerequisite. Then follows a reinforced authentication process with a Certification Authority that will validate the identity of the Organization, the registration of the logo with a certified body and will issue the certificate after a one to one meeting with a notary.
Depending on the country, the intellectual property offices for logos registrations may vary as well as the rules of acceptance to issue the certificate. The notions to keep in mind, the authorized trademarks can be:
While this is not a requirement for implementing BIMI on your domain name at this time, VMC should be part of the standard in the future.
Entrust Datacard and DigiCert are the first 2 companies to issue VMC certificates for the BIMI standard. Nameshield is a partner of both companies and will assist you in obtaining VMC certificates. You can contact directly our certificates department for any question on the subject.
BIMI + VMC = Guarantee of authenticity
Nameshield now assists its customers in all aspects of the implementation of DMARC, SPF, DKIM, but also BIMI protocols and the obtaining of associated VMC certificates. The domain name is at the core of the implementation of these different protocols. Our historical business as a registrar and DNS zones manager allows us today to assist our customers on these major subjects of the fight against online fraud and the increase of emails desirability.
The DNS (Domain Name System) is a key service of the Internet. It is a giant, hierarchical and distributed directory that associates IP addresses with domain names that are easier to identify, remember and transmit. It is the cornerstone of the Internet, whose infrastructure has flaws by its very conception, making it an ideal target for attacks.
On one hand, the DNS service is based on the authoritative DNS, which holds the information, and on the other hand, the resolver DNS, which carries out the resolution for the web users.
The DNS cache poisoning attack targets resolver DNS.
Find in this “5 minutes to understand” document, available for download on the Nameshield’s website, what is this DNS cache poisoning attack and how to protect against it.
SSL certificates ensure the encryption and integrity of data exchanged between a browser and a web server. There are different levels of certificates, Extended Validation (EV), Organizational Validation (OV) and Domain Validation (DV), which vary depending on the degree of authentication. The Extended Validation type SSL certificate provides the highest level of SSL authentication. It is obtained through a comprehensive and globally standardized identity verification process established by the CA / Browser Forum.
Regardless of the selected SSL level, encryption and data integrity can be guaranteed by Extended Validation (EV), Organizational Validation (OV) and Domain Validation (DV), but they do vary depending on the degree of authentication. The Extended Validation type SSL certificate provides the highest level of SSL security. It is obtained through a comprehensive, globally standardized identity verification process ratified by the CA / Browser Forum.
The EV SSL certificate enables HTTPS security and the now gray padlock in the browser’s address bar, just like DV and OV certificates. The additional cost and time spent on verification makes it more difficult to obtain EV level certificates for phishing sites. Therefore internet users can use this certificate as a mark of trust and feel more secure when communicating and making purchases.
On June 12, 2007, the CA/Browser Forum officially ratified the first version of the Extended Validation SSL Guidelines, which took effect immediately. The formal approval successfully brought to a close more than two years of effort and provided the infrastructure for trusted website identity on the Internet.
Most major browsers created visual indicators for pages loaded over HTTPS and secured by an EV certificate soon after the standard was created: they displayed the validated identity, which is a combination of organization name and legal status, in the URL bar. Safari for iOS, Windows Phone, Firefox for Android, Chrome for Android and iOS, also added these indicators.
In May 2018, Google announced plans to redesign Google Chrome user interfaces and remove emphasis on EV certificates. Chrome 77, released in 2019, removed the EV certificate indication from omnibox. Firefox 70 followed and removed the distinction in the omnibox or URL bar : EV and DV certificates are displayed similarly with just a padlock icon, but the information on the EV certificate status is still accessible in the more detailed view that opens after clicking on the padlock icon.
An EV certificate displayed in Firefox
The increasing use of mobile devices and the removal of the visual indicator EV by browsers has significantly reduced the interest of some entities in using this level of security, but the EV is still very important in our daily lives.
Today, phishing websites are unfortunately still a major threat to legitimate websites and online services. These cybercriminals use DV certificates, usually obtained from a free SSL service that does not conduct adequate phishing checks, to make their sites appear more trustworthy. They are able to easily deceive unsuspecting victims and trick them into disclosing financial or personal information.
A very strong increase in phishing has been observed since March 2020, with the beginning of lockdown and remote working for many people: the volume of phishing sites increased by 47% for the first quarter of 2020, and 82.7% of attacks phishers used DV SSL certificates. This problem is only growing and increases the need to verify identities online.
Image source : TheDigitalArtist via Pixabay
An SSL (Secure Socket Layer) or TLS (Transport Layer Security) certificate is a digital certificate that authenticates a server (most often a web server) and encrypts the data exchanged with it. The data is thus exchanged in confidence between two actors whose identity is known. The data exchanged cannot be spied on or altered by a third party: confidentiality and integrity.
Download this document “5 minutes to understand: SSL / TLS certificates” on Nameshield’s website.
Every day, new DDoS attacks threaten the defense systems of companies and weaken networks even more. These DDoS attacks are increasing with the crisis that the world is experiencing today.
Find in this document how a DDoS attack is carried out and which solutions should be chosen to stop them.
Every day, new cyberattacks threaten the defense systems of companies, and further weaken networks, cyberattacks occur exponentially.
Find in this 5 minutes to understand document what are the most common cyberattacks’ operating modes and the solutions to implement to counter them.
The digital world is in perpetual evolution and every days, new domain names are registered around the world.
Among these new registrations, some can potentially affect your notoriety, your activity, and your results. Fraudsters, through these abusive domain names registrations, seek to benefit from your notoriety as quickly as possible.
Find in this “5 minutes to understand” document, available for download on the Nameshield’s website, the different practices of abusive domain names registrations that can affect your brand and the actions to take depending on the infringement caused to the brand.
