
posted by chromas on Friday June 19 2020, @10:33PM

BofA Phish Gets Around DMARC, Other Email Protections:

A credential-phishing attempt that relies on impersonating Bank of America has emerged in the U.S. this month, with emails that get around secure gateway protections and heavy-hitting protections like DMARC.

The campaign involves emails that ask recipients to update their email addresses, warning users that their accounts could be recycled if this isn’t done.

“The email language and topic was intended to induce urgency in the reader owing to its financial nature,” according to analysis from Armorblox. “Asking readers to update the email account for their bank lest it get recycled is a powerful motivator for anyone to click on the URL and follow through.”

The messages contain a link that purports to take visitors to a site to update their information – but clicking the link simply takes the recipients to a credential-phishing page that closely mirrors a legitimate Bank of America home page, researchers said.

The attack flow also included a page that asked readers for their ‘security challenge questions’, both to increase legitimacy as well as get further identifying information from targets, researchers said in a posting on Thursday.

“With the enforcement of Single Sign On (SSO) and two-factor authentication (2FA) across organizations, adversaries are now crafting email attacks that are able to bypass these measures,” Chetan Anand, co-founder and architect of Armorblox, told Threatpost. “This credential-phishing attack is a good example. Firstly, it phishes for Bank of America credentials, which are likely not to be included under company SSO policies. Secondly, it also phishes for answers to security-challenge questions, which are often used as a second/additional form of authentication. Asking security-challenge questions not only increases the legitimacy of the attack, but also provides the adversaries with vital personal information about their targets.”

  • (Score: 4, Insightful) by Snotnose on Friday June 19 2020, @11:42PM (3 children)

    by Snotnose (1623) on Friday June 19 2020, @11:42PM (#1010199)

    I consider myself pretty tech savvy, and I dumped BOA in the late 70's with extreme prejudice (meaning, I don't remember why but I will never again open an account with them, the aftertaste lives on for 40 years) for reasons long forgotten (don't think it was ATM fees, probably some other fee). When ATMs got to be a thing in the 70s all the banks were looking for ways to squeeze my wallet, I just "yeah, nope, this other bank will do what you do without that fee".

    Yet here we are with a whole new acronym the summary can't be bothered to explain, and I can't be bothered to click.

    The thing to keep in mind is before the mid-70's banks had to have branch offices. Which meant real estate, plus people to occupy that real estate. For every semi busy street crossing another semi-busy street, you had a branch. When ATMs got to be a thing they not only did not need the real estate, they didn't need the people. Yet they tried to charge fees because "it costs money to run these machines and it's so much more convenient for you, the consumer". Wonder what it cost them to not only rent the expensive real estate, but to pay all the worker bees to keep that expensive real estate running?

    --
    Why shouldn't we judge a book by its cover? It's got the author, title, and a summary of what the book's about.
  • (Score: 0) by Anonymous Coward on Friday June 19 2020, @11:45PM (1 child)

    by Anonymous Coward on Friday June 19 2020, @11:45PM (#1010200)

    DMARC = Digital Manipulation of Asshole Retail Clients. It is a system used by banks to increase their profits by randomly creating new fees.

    • (Score: 2, Interesting) by RandomFactor on Saturday June 20 2020, @12:13AM

      by RandomFactor (3682) on Saturday June 20 2020, @12:13AM (#1010206)

      Hardly just banks, most Fortune 500 companies have adopted DMARC, although far fewer (around 20%) have moved it to a fully protective state.
       
      DMARC is designed to overcome weaknesses inherent in SPF and DKIM.
       
      With SPF and DKIM, shadow IT systems/forgotten legitimate ones can be caused to fail. Shutting down random applications (or making them unreliable) is actually NOT the goal (tempting though it can be.)
       
      As a result implementation of SPF and DKIM was often done at weaker settings leaving the ability to spoof email in place for the criminals to use.
       
      DMARC does two new things.
       
      1) it actually allows for redundancy: if either aligned SPF or aligned DKIM authenticates the email, then it is authenticated for DMARC
      2) it provides feedback. If a participating site receives an email that fails DMARC, a report is sent to the designated reporting address of the sending domain. This lets the IT Admins identify legitimate systems that aren't authenticating, fix them, and confirm that there is no failing legitimate traffic before switching DMARC to a strict (reject spoofed email) mode.
       
      Implementing DMARC can be a long road for large enterprises but it helps protect both the business and its customers from impersonation and MITM type BEC attacks and really has little downside.
       
      It is also a base requirement for BIMI, which is something that is going to get all the marketing types excited over time I think, so all the companies lagging are likely to start working on it since Marketing rules the world :-p

      --
      There is no news in Pravda, and no truth in Izvestia
  • (Score: 1, Informative) by Anonymous Coward on Saturday June 20 2020, @03:11AM

    by Anonymous Coward on Saturday June 20 2020, @03:11AM (#1010244)

    DMARC is an email authentication protocol [ietf.org].

    Protocol info page [rfc-editor.org]:

    Domain-based Message Authentication, Reporting, and Conformance (DMARC) is a scalable mechanism by which a mail-originating organization can express domain-level policies and preferences for message validation, disposition, and reporting, that a mail-receiving organization can use to improve mail handling.

    Originators of Internet Mail need to be able to associate reliable and authenticated domain identifiers with messages, communicate policies about messages that use those identifiers, and report about mail using those identifiers. These abilities have several benefits: Receivers can provide feedback to Domain Owners about the use of their domains; this feedback can provide valuable insight about the management of internal operations and the presence of external domain name abuse.

    DMARC does not produce or encourage elevated delivery privilege of authenticated email. DMARC is a mechanism for policy distribution that enables increasingly strict handling of messages that fail authentication checks, ranging from no action, through altered delivery, up to message rejection.

    More background:
    https://en.wikipedia.org/wiki/Sender_Policy_Framework [wikipedia.org]
    https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail [wikipedia.org]
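The two points RandomFactor makes above (either an aligned SPF pass or an aligned DKIM pass is enough, and the published policy only bites when neither is present) and the RFC excerpt's "no action, through altered delivery, up to message rejection" are easy to state and easy to get wrong in practice. The following is an added example written for this page from RFC 7489, not code from the page, Armorblox, Bank of America or any mail vendor: it parses a DMARC TXT record, applies relaxed/strict identifier alignment, and returns the disposition. Every domain (bank.example, attacker.example, bank-secure.example), DNS record and authentication result in it is constructed for illustration. The lookalike-domain scenario shows a general property of the protocol, that a sender who authenticates a domain they control passes that domain's own DMARC check; the article does not say how this particular campaign got past DMARC, and the example makes no claim about that.

```python
"""
Added example: DMARC identifier alignment and policy evaluation, written from
RFC 7489 (sections 3.1, 6.3 and 6.6.3). Not code from the page, Armorblox or
any vendor; every domain, record and auth result here is constructed.
"""

# Minimal stand-in for the Public Suffix List; a real receiver uses the full PSL.
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk", "example"}


def organizational_domain(domain):
    """Public suffix plus one label, e.g. mail.bank.example -> bank.example."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(1, len(labels)):  # longest candidate suffix first
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:])
    return ".".join(labels)


def parse_dmarc_record(txt):
    """Parse 'v=DMARC1; p=...; ...' into a tag dict, filling RFC 7489 defaults."""
    tags = {}
    for item in txt.split(";"):
        item = item.strip()
        if not item:
            continue
        if "=" not in item:
            raise ValueError(f"malformed tag {item!r}")
        key, value = item.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a DMARC record: needs v=DMARC1 and p=")
    if tags["p"] not in ("none", "quarantine", "reject"):
        raise ValueError(f"unknown policy {tags['p']!r}")
    tags.setdefault("adkim", "r")  # relaxed DKIM alignment unless adkim=s
    tags.setdefault("aspf", "r")   # relaxed SPF alignment unless aspf=s
    return tags


def aligned(auth_domain, from_domain, mode):
    """Strict ('s'): exact match. Relaxed ('r'): same organizational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return organizational_domain(auth_domain) == organizational_domain(from_domain)


def evaluate_dmarc(from_domain, record_txt, spf=None, dkim=(), record_domain=None):
    """
    from_domain:   RFC5322.From domain of the message
    record_txt:    the DMARC TXT record the receiver looked up
    spf:           (result, MAIL FROM domain) from the SPF check, or None
    dkim:          iterable of (result, d= domain), one per DKIM signature
    record_domain: where the record was found; if that is the org domain rather
                   than from_domain, the sp= subdomain policy applies
    Returns (passed, disposition, reasons). pct= sampling is not modelled.
    """
    rec = parse_dmarc_record(record_txt)
    reasons = []
    if spf and spf[0] == "pass" and aligned(spf[1], from_domain, rec["aspf"]):
        reasons.append(f"SPF pass, {spf[1]} aligned with {from_domain}")
    for result, d in dkim:
        if result == "pass" and aligned(d, from_domain, rec["adkim"]):
            reasons.append(f"DKIM pass, d={d} aligned with {from_domain}")
    if reasons:  # one aligned, authenticated identifier is enough
        return True, "none", reasons
    policy = rec["p"]
    if record_domain and record_domain.lower() != from_domain.lower():
        policy = rec.get("sp", policy)
    return False, policy, ["no aligned SPF or DKIM pass"]


BANK_RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-rua@bank.example"  # constructed


def scenario_legitimate():
    # Bank's own MTA: SPF passes for a subdomain, relaxed-aligned with From.
    return evaluate_dmarc("bank.example", BANK_RECORD, spf=("pass", "mail.bank.example"))


def scenario_spoofed_from():
    # From: forged as bank.example; attacker can only authenticate attacker.example.
    return evaluate_dmarc("bank.example", BANK_RECORD, spf=("pass", "attacker.example"),
                          dkim=[("pass", "attacker.example")])


def scenario_strict_alignment():
    # Same legitimate mail, but strict alignment: mail.bank.example != bank.example.
    return evaluate_dmarc("bank.example", "v=DMARC1; p=quarantine; adkim=s; aspf=s",
                          spf=("pass", "mail.bank.example"))


def scenario_lookalike_domain():
    # Phisher's own registered lookalike domain, correctly set up: its DMARC passes.
    return evaluate_dmarc("bank-secure.example", "v=DMARC1; p=none",
                          spf=("pass", "bank-secure.example"))


def scenario_shadow_it():
    # Forgotten relay missing from SPF; under p=none it is delivered but reported.
    return evaluate_dmarc("bank.example", "v=DMARC1; p=none; rua=mailto:dmarc-rua@bank.example",
                          spf=("fail", "bank.example"))


if __name__ == "__main__":
    for fn in (scenario_legitimate, scenario_spoofed_from, scenario_strict_alignment,
               scenario_lookalike_domain, scenario_shadow_it):
        print(f"{fn.__name__:26s} {fn()}")
```

The shadow-IT scenario is the reason for the "long road" RandomFactor describes: under p=none the failing relay still delivers, but the rua= address receives aggregate reports naming its sending IP, which is how an admin finds and fixes it before moving to p=quarantine or p=reject. The lookalike scenario is the limit of the whole scheme: DMARC only asserts that the visible From domain was authenticated by its owner, so a domain the phisher owns passes, and the hard-to-spot difference between two domains is left to the reader.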