Most of us have received false or fraudulent emails one or several times. Some of us are aware of it, some of us are not. The most common method is called email spoofing and is widely used by cyber criminals all over the world.
The primary reason stimulating criminal activity is that email messaging by default does not have any mechanism for authentication. We have several applicable services that enables your emails to be properly authenticated, despite the lack of default methods.
- Email Fraud Protection: Email phishing has become an ever-increasing problem, and the importance of taking the right precautions and educating your organization cannot be underestimated. We help you implement email security functions such as SPF, DKIM and DMARC, and monitor your email flow using sophisticated tools, in order to detect e.g. fraud attempts, and to make sure that your protection is constantly updated and relevant.
- Client Certificates (Personal ID Certificates): Client certificates enables you to sign and encrypt your emails using the S/MIME protocol. The protocol verifies the sender address, prevents your emails from being tampered and ensures that no one but the intended recipient is able to read them. Further, the receiver is able to verify that the email is legitimate. The client certificates consist of a key pair – one public and one private. Your private key stays with you and is used to sign outgoing emails and to decrypt incoming emails that has been encrypted with your public key. Your public key is used to verify your signature and encrypt emails sent to you.
- Domain Name Watch: Email security services does not prevent ‘non-spoofed’ emails from being sent in your name, e.g. from a misspelled domain name. Our Domain Name Watch service complements Email Fraud Protection by monitoring your domain string (e.g. zacco), informing us of any domain name registrations where your string is included, regardless if it is at the beginning, at the end or in the middle of the domain name, and covers both future as well as past domain registrations. The service can be extended so that it also detects misspellings and other confusingly similar variations, and the number of searches per month customized to your needs.
- Educational services: Creating awareness within your organization and knowing how to detect false emails is crucial in order to prevent spoofing and to minimize its negative effects. Zacco’s experts are available for educational seminars and staff training sessions. In addition, we offer customized phising campaigns where we test your organization from the inside, raising awareness and educating your organization at the same time.
Are you in control? Contact us if you want to find out more about email security mechanisms and strategies!