Nameshield at the CSA Summit in Cologne – From April 22 to 24, 2024

Celebrate the 20th anniversary with us and be part of the discussion about the future of commercial emails.

For 20 years, the CSA (Certified Senders Alliance) has been committed to strengthening trust in email as a communication channel. Building bridges between email senders and email providers has been the central goal of the CSA from the very beginning – this year’s anniversary summit will examine the success factors of the future under the motto ‘Trust Fuels the Future’.

Nameshield is a Gold Sponsor of the event – our team would be delighted to meet you there. Gain market-leading expertise with CSA’s insights and evolving best practices. We are particularly looking forward to the discussion around the implementation of DMARC, which is becoming a new standard.

Join an international network of brands, agencies, email service providers and mailbox vendors for a dynamic exchange of information in the well-connected email ecosystem! The CSA Email Summit is not just an event, it’s your path to realising your full potential in the ever-evolving landscape of commercial email.

The CSA Email Summit is supported by various industry associations and provides a solid platform for conversations that offer valuable insights into the future of email marketing. Learn from industry experts in workshops, sessions, short talks and masterclasses to enhance your expertise.

Please contact the Nameshield team for more information and to make an appointment at the Summit!

Phishing, slamming and other fraudulent e-mails: Stay alert during the end-of-year holidays!

Phishing, slamming and other fraudulent e-mails: Stay alert during the end-of-year holidays!

The end-of-year holidays often announce the upsurge of fraudulent mass e-mails campaigns. Indeed, cybercriminals take advantage of this period, when vigilance can be particularly low, to launch phishing e-mails.

What are phishing and slamming?

Phishing is used by cybercriminals to obtain personal information in order to commit an identity theft.

In the world of phishing, slamming is a well-known variant that consists in encouraging domain names holders to renew their annuity with another registrar, by arguing the emergency and criticality of the concerned name’s loss. Concretely, this is an e-mail pushing its recipient to contract an unsolicited service and to proceed to the payment of this latter without delay.

Thus, the slamming may take the form of a fraudulent renewal invoice, usually associated with intimidating terms like “Expiration notice”. Under the pressure of such e-mail, generally well built, it happens that the recipient then proceeds to the payment and finds himself debited with an important amount for the so-called renewal.

In the same way, the slamming e-mail may also indicate that a “customer” of the sender, posing as a fake registrar, intends to register domain names identical or similar to your brand. Then the fraudster proposes to register them for you in order to protect you from these troublesome registrations, of course, in exchange for an urgent payment.

Another kind of attack, the suspicious e-mail attachment!

Be careful of fraudulent e-mails with infectious attachments: a single entry point is enough to destroy a network!

The aim of a trap and thus malicious attachment is to pose as a legitimate file (PDF, Word document, JPG image…), while hosting and hiding a malicious code: this is what we generally call Trojans.

Some simple rules to protect against them

  • Always stay alert when someone asks you your personal data;
  • Do not ever open an attachment from an unknown sender, or from one who is not entirely trustworthy;
  • Check the links by hovering the cursor over them (without clicking) to ensure that they link to trustworthy websites;
  • Never reply under the pressure of this kind of solicitation and of course do not proceed to any payment;
  • If there is any doubt, do not reply to the e-mail and contact the sender through another method who will confirm whether it really is a fraud attempt or not.

To remind you of this more often, you can find a wallpaper to download on the Nameshield website:

New e-mails authentication requirements from Google and Yahoo

New e-mails authentication requirements from Google and Yahoo - DMARC

Google and Yahoo recently announced significant changes to their e-mails authentication requirements. The aim of these adjustments is to strengthen the security of online communications, a major issue in the current context of cybercrime.

The two giants are emphasizing the adoption of advanced authentication protocols, in particular DMARC (Domain-based Message Authentication, Reporting, and Conformance). DMARC relies on the existing SPF and DKIM standards, providing a robust method for verifying e-mails’ authenticity and reducing the risk of identity theft and phishing.

To implement these new requirements, Google and Yahoo will adjust their algorithms to give priority to e-mails from domains that have correctly implemented DMARC. The aim of this measure is to improve the deliverability of authenticated e-mails, reinforcing users’ trust in the security of their e-mail inboxes.

The new guidelines will apply from February 1, 2024 to all senders who send more than 5,000 emails per day. They underline Google and Yahoo’s commitment to fight against online threats, in particular phishing, a common method used by cybercriminals to deceive users and gain access to their sensitive information. By adopting stricter e-mails authentication requirements, these companies are strengthening users’ protection against malicious attacks.

It is now essential for domains holders and players in the digital world to comply with these new guidelines, in order to contribute to the creation of a safer and more secure Internet for all.

Nameshield’s experts are at your disposal to assist you in deploying this protocol.

Phishing, slamming and other fraudulent e-mails: stay alert during the summer holidays!

Phishing, slamming and other fraudulent e-mails: stay alert during the summer holidays!

Every year, the summer holidays announce the upsurge of fraudulent e-mails mass campaigns. Indeed, cybercriminals try to profit from these periods when the vigilance is sometimes lowering, to launch phishing e-mails.

What are phishing and slamming?

Phishing is used by cybercriminals to obtain personal information in order to commit an identity theft.

In the world of phishing, slamming is a well-known variant that consists in encouraging domain names owners to renew their annuity with another registrar, by arguing the emergency and criticality of the concerned name’s loss. Concretely, this is an e-mail pushing its recipient to contract an unsolicited service and to proceed to the payment of this latter without delay.

Thus, the slamming can take the form of a fraudulent renewal bill, generally associated with intimidating terms like “Expiration notice”. Under the pressure of such e-mail, in general well built, it happens that the recipient then proceeds to the payment and is debited of an important amount for the so-called renewal.

In the same way, the slamming e-mail indicates that a “customer” of the sender posing as a fake registrar, wants to register domain names identical or similar to your brand. Then the fraudster proposes to register them for you in order to protect you from these troublesome registrations, of course, in exchange for an urgent payment.

Another kind of attack, the suspicious e-mail attachment!

Be careful of fraudulent e-mails with infectious attachments: a single entry point is enough to destroy a network!

The aim of a trap and thus malicious attachment is to pose as a legitimate file (PDF, Word document, JPG image…), while hosting and hiding a malicious code: this is what we generally call Trojans.

Some simple rules to protect against them

  • Always stay alert when someone asks you your personal data;
  • Do not ever open an attachment from an unknown sender, or from one who is not entirely trustworthy;
  • Check the links by hovering the cursor over them (without clicking) to ensure that they link to trustworthy websites;
  • Never reply under the pressure of this kind of solicitation and of course do not proceed to any payment;
  • If there is any doubt, do not reply to the e-mail and contact the sender through another method who will confirm whether it really is a fraud attempt or not.

Find on the Nameshield’s website a wallpaper to download to help you think about it more often.

ChatGPT, can you write a phishing email?

"ChatGPT, can you write a phishing email?»

Image source Unsplash

The simple question posed by the mathematician Alan Turing in 1950, “Can machines think?” sparked off a long period of research and experimentation into artificial intelligence. Today, the numerous research and technological advances have borne fruit and many inventions using artificial intelligence have seen the light of day. So it was 72 years later, on 30 November 2022, that chatGPT was launched. Developed by OpenAI, an artificial intelligence research company, chatGPT quickly became a well-recognised term. Today, there are 186 million accounts and 1.6 billion visits in March 2023 alone.

What is chatGPT and how does it work?

ChatGPT is an artificial intelligence chatbot with a self-generating system. This means that the machine “interacts in a conversational manner” using natural language (known as NLP or Natural Language Processing). The artificial intelligence uses deep learning algorithms to analyse users’ questions and generate appropriate responses. Over time, chatGPT learns from its users’ questions and answers. This enables it to answer a very wide range of questions, such as writing cover letters, essays or even lines of code. And if the answer is incorrect, all you have to do is chat with it and a more convincing answer will be proposed. That is why this invention has so quickly caught on with so many people.

But chatGPT also has its drawbacks, particularly in terms of cybersecurity and, more specifically, phishing.

With great power comes great responsibility: managing the cyber risks associated with the creation of chatGPT is becoming a difficult task. Typically, cybercriminals don’t pull any punches. In recent years, global crime and cyberattacks have risen sharply, notably by 38% in 2022
One of the most worrying aspect of chatGPT are phishing attacks. Indeed, chatGPT has become a goldmine for hackers. Its ability to write texts of all types, without error, while generating human-like responses, is a major asset for cybercriminals. This accentuates an already present and widespread threat. The FBI’s IC3 report for 2022 shows that phishing is the crime with the highest number of complaints. In 2022, with 300,497 complaints in the USA alone, phishing is becoming the most widespread type of cyberattack, not only in the USA but worldwide. As well as being a widespread problem, it affects all sectors, so it is essential to be informed and prepared.  

Phishing is used by cybercriminals to obtain personal and sensitive information about their victims. To do this, criminals pretend to be reputable organizations by sending messages via text message, phone call or email. With these messages they invite their victims to click on a link to enter their personal details. 

OpenAI formally prohibits any malicious use of chatGPT. When asked directly to write malicious code or phishing emails, it refuses to do so. However, with sustained insistence and a clever turn of phrase, artificial intelligence can provide enough information to simplify a cybercriminal’s task. This manipulation can be carried out using the standard version of chatGPT, without the need for “JailBreaking“. This is a cause for concern, as chatGPT has already been used to create phishing e-mails and fraudulent web pages.

Interview with chatGPT

What does the main player think? To find out for sure, we asked chatGPT a few questions to get its “opinion” on the situation, but also to test the creation of fraudulent e-mails.

Firstly, from a legal point of view, does chatGPT follow a code of conduct and are there any regulations governing artificial intelligence?

For the moment, in Europe, there is no real law in place to regulate the use of artificial intelligences such as chatGPT. However, the European Commission has already launched a project aimed at providing a regulatory framework, and policy proposals have already been drawn up. As a result, there are as yet no official rules or bans in force in Europe. However, this is expected to change in the coming months or years.


ChatGPT is therefore not subject to a legal code of conduct, although the tool does appear to follow a moral code of conduct.

Interview with chatGPT

According to chatGPT, these are the things it is not allowed to do: engage in illegal activities, infringe intellectual property rights, provide personal or confidential information and, lastly, impersonate a person or organization.

We also asked its opinion on its ability to help someone launch a phishing attack. ChatGPT confirms that it has no moral right to do so. 

Interview with chatGPT - phishing

Finally, we also asked it if it was possible to freely obtain information on the presence of a DMARC entry in Nike’s zone file. Domain-Based Message Authentication Reporting and Conformance (DMARC) is an e-mail authentication method that allows the domain holder to define instructions for handling messages on its e-mail system. It is an effective tool against phishing. For cybercriminals, being informed of the presence of a DMARC within a company makes it easier to choose which companies to target: those that have not deployed a DMARC policy. ChatGPT was unable to provide information directly about the company’s DMARC record, but it did explain how to obtain it using the Windows command line.

Interview with chatGPT - DMARC

We also tried to test chatGPT to obtain a phishing e-mail. After a few questions, we were soon able to ask him the right questions. Finally, he was able to write us a convincing e-mail, posing as a bank. 

Interview with chatGPT - phishing email

It then provides us with this message, a perfect phishing trap, because it contains all the codes of a classic e-mail from a bank asking the recipient to provide their personal details. The message is written in proper English, with no spelling mistakes; it invites the recipient to act quickly, in a panic and without thinking. After obtaining this information, if the cybercriminal is not happy with any of the details, he can ask chatGPT to change them.

What can we expect from the future?

Will it be possible to block or slow down the development of AI? Following the release of chatGPT, a number of influential figures in the field of technology, such as Elon Musk and Apple co-founder Steve Wozniak, expressed their concerns by signing petitions and participating in open letters aimed at suspending the research and release of an AI more advanced than chatGPT. This reflects the concern of the European Commission and citizens about technological advances.

However, it is hard to imagine that artificial intelligences such as chatGPT will be banned altogether in the future. This is despite the risks they pose in terms of cyber security, for example. As proposed by the European Commission, the use of artificial intelligences such as chatGPT will be regulated. However, this is unlikely to be enough to stop cybercriminals wanting to use chatGPT as a phishing tool.

So it is best to prepare and protect yourself against the risks posed by artificial intelligence, which will become increasingly effective over time.

Protecting yourself with Nameshield’s DMARC policy

Who does not fear a phishing attack? That is why it is vital to check the email protection you have in place. This is often the route taken by cybercriminals trying to phish your information and that of your company.

An effective way to counter-attack is to deploy a DMARC policy.

Implementing a DMARC policy within your company has a number of advantages. It will enable you to block spoofing attempts and fraudulent e-mails. What’s more, this policy will strengthen the authentication of your traffic and help improve the deliverability of your emails.

Nameshield supports you in the deployment of a DMARC policy. Thanks to our expertise, we will be able to take care of its correct implementation, in the best possible conditions. 
Do not hesitate to contact your Nameshield consultant and keep up to date with technological advances such as chatGPT and its link to phishing and other cybercrimes.

New document: 5 minutes to understand Phishing as a Service (PhaaS)

5 minutes to understand Phishing as a Service (PhaaS)

Phishing-as-a-Service (PhaaS) is a fast-growing phenomenon in the cyberthreats world, getting armed with tools that make it more and more prosperous.

It has opened up the online fraud market to the masses, to the point that phishing attempts have become a daily plague.

Find in this new “5 minutes to understand” document, available for download on the Nameshield’s website, how phishing is now sold in ready-to-use kit and how to protect against it.

ALERT: TLS/SSL certificates – Phishing vigilance

ALERT: TLS/SSL certificates - Phishing vigilance

Important: information relating to the situation in Russia, Belarus and Ukraine.

In response to the evolving geopolitical situation in Ukraine, many SSL certification authorities are suspending the issuance and reissuance of all types of certificates affiliated with Russia and Belarus.

This includes suspending issuance and reissuance of certificates to TLDs related to Russia and Belarus, including .ru, .su, .by, .рф, as well as to organizations with addresses in Russia or Belarus. We will keep you informed as soon as the situation returns to normal.

Also, we observe a significant increase in phishing attacks. We advise you to be extra vigilant, especially when it comes to new domain name registrations using your trademarks.

Nameshield remains of course at your disposal to accompany and advise you in this complex context.

NBA: Phishing doesn’t spare sports institutions

NBA: Phishing doesn’t spare sports institutions
Image source: mohamed_hassan via Pixabay

On last May 10th, in a press release, the Pacers Sports & Entertainment (PSE) organization, owner of the NBA’s basketball team the Indiana Pacers, revealed that they were the victim of a sophisticated phishing attack at the end of 2018.

For reminder, phishing is a technique used to obtain personal information in order to commit an identity theft.  This is a «social engineering» technique, i.e. consisting in exploiting not an IT flaw but a «human flaw» by deceiving web users through an e-mail seemingly coming from a trustworthy company, typically a bank or a business website.

Pacers Sports & Entertainment victim of a phishing attack

At the end of 2018, the company PSE has then been the target of a phishing emails campaign resulting in the unauthorized access to emails containing personal information related to a limited number of individuals.

This cyberattack affected a limited number of individuals but the amount of the stolen information is important: name, address, date of birth, passport number, driver’s license, state identification number, account number, credit/debit card number, digital signature, username and password and for some individuals, the Social Security number.

The American company has quickly implemented measures to secure the affected email accounts and investigate the incident with the assistance of forensic experts. This investigation then revealed that the hackers had access to the accounts of a limited number of persons between October 15th and December 4th, 2018. The press release doesn’t give any details regarding the identity of the targeted persons.

PSE individually notified each victim whose information has been stolen and assures that “to date, PSE has no evidence of actual or attempted misuse of any personal information”. The organization offered to the victims of the cyberattack an access to credit monitoring and identity protection services at no cost.

Some simple rules against phishing

Phishing attacks are increasing. Above all, they are becoming more and more sophisticated, and target all kinds of industries. Each and every one of us must be extra vigilant.

Lastly, for reminder, here are some simple rules to protect yourself against phishing attempts:

  • Do not reply when someone asks for your personal data by email;
  • Do not ever open an attachment from an unknown sender, or from one who is not entirely trustworthy;
  • Check the links by hovering the cursor over them (without clicking) to ensure that they link to trustworthy websites;
  • Do not trust the name of the mail’s sender. If there is any doubt, contact the sender through another method.

Game of Thrones: The return of the [MALWARES] white walkers by dozens

Game of Thrones: The return of the [MALWARES] white walkers by dozens
Image source: Irfan Rafiq via Pexels

As with each event where massive interest is expected, the launch of the final season of Game of Thrones is a golden opportunity for pirates.

According to a Kaspersky’ study, this series would be the favorite of the cybercriminals. It represented 17% of the infected contents last year, i.e. 20 934 web users! According to this same study, the most targeted episodes are logically the first and last episodes of the season.

For if the fans are many in France, without subscription, the only solution to watch the so awaited episodes is illegal downloading on torrent websites.

It is through this means that the cybercriminals infect the unsuspecting web users’ computers. First warning, do not install programs at the request of the torrent websites, they can contain a malware!

Indeed, two kinds of frauds are principally used:

  • Malwares: the malicious software are launched on torrent websites used by the fans of the series to access to the watching of the precious episodes.
  • Phishing: many phishing attempts have been counted, the pirates use the official image of Game of Thrones to try to retrieves your personal data.

This season, the cybercriminals are almost as creative as the scriptwriters of the successful series: many and various fake contests allow these hackers to collect email addresses and other bank details.

Counterfeiting is also in the game, with an observed increase of websites proposing many so-called “official” products but being nothing more than counterfeits.

Thus, Nameshield recommends to the fans to be highly vigilant!

For reminder, here are the basic principles to respect in order to serenely navigate and not be trapped by unscrupulous hackers:

  • Do not download any plugin of suspicious origin
  • Properly analyze the URLs before any purchase
  • Check the presence of the famous HTTPS
  • Check that the final address corresponds to the searched website

As always on the web, an extra vigilance is needed, because if spring wins our regions, don’t forget that on the web, winter is coming…

A high school student tries to change his grades thanks to phishing

Phishing is cybercriminals’ means of choice to hijack users‘ data, posing as a trusty company and then encouraging them to deliver personal information. We are often more inclined to think that this technique is reserved to hackers who try to steal banking or very sensitive information, and yet!

Source : mohamed_hassan via Pixabay

An American student of Ygnacio Valley High School, in California, had a great time reproducing identically the website on which his teachers connect to enter marks and comments. This same student then emailed his teachers to connect to the fake school’s interface, which looked exactly the same as the original one. Thus, he could retrieve their login ID and passwords, and used them in order to raise his grades but also to lower his classmates’ grades.

Arrested by the police, the student said that what he had done was “as easy as stealing a candy from a baby”. Expelled from school, he was identified thanks to his computer IP address.

Quite light in consequence, this data corruption attempt highlights the simplicity of access to this hacking means. Today, phishing is one of the most popular methods and the easiest to implement. Web users, while unaware and fooled by similarities, consequently provide personal, sometimes very sensitive data.