The Department of Human Services has undergone a “large-scale” email authentication project to reduce the number of phishing emails that appeared to come from its domains.
The department engaged InfoTrust to authenticate its domains and provide insight into where email spoofing was taking place.
While the project is still ongoing, it is already claimed to have stopped “a large percentage of fraudulent emails” being sent on DHS’ behalf, reducing the potential for reputational damage.
It has also allowed DHS to rebuild trust with customers, and freed employees from spending time dealing with the aftermath of fraudulent emails.
InfoTrust, which brought its Agari email anti-fraud tool to market in Australia in early 2017, said the DHS project was complex owing to “the number of domains and the extent to which the organisation was being spoofed”.
“The first step of the project was to identify all the legitimate domains that DHS were using and authenticate their use by getting the organisation's DMARC record to "p=reject", whereby any email that is sent by a bad actor who is not authorised to use the domain address is rejected by receivers,” InfoTrust said.
DMARC (Domain-based Message Authentication Reporting and Conformance) is widely recommended as a way to defend against phishing and spoofing attacks.
“We utilised the Agari platform to identify the true senders of DHS' email, collect analytics and give contextual correlation to extend beyond DMARC and provide unique insight into threats on the domains that DHS don't own.”
After “significant work”, the department has successfully authenticated all its trusted domains that are sending email on its behalf.
“This has had a tremendous amount of significance for the department, allowing them to say to their customers that any email coming from DHS can be trusted,” InfoTrust said.
Nigel Cox, director, cyber security projects at Department of Human Services, said: “Agari Customer Protect has proved valuable in securing the organisation’s email and protecting our customers. The main business outcome of deploying Agari is customer trust, through a reduction in phishing email using our domain names.”
InfoTrust is continuing to work with the department on “cleaning up their sender environment”, using data from Agari to advise DHS when bad actors are attempting to spoof their domains and providing them with threat intelligence.
While technology is critical to solving the endemic problems of phishing, social engineering, brand abuse, brand spoofing and other forms of attacks that mimic customers' brands with malicious intent, people and process are equally important factors.
InfoTrust said that organisational change was typically required, and it offered a “customer success” model to help organisations achieve that part of the journey.
“The net result is email authentication standards adopted end to end, underpinned by an email governance framework,” InfoTrust said.
InfoTrust is a finalist in the 'Trusted Systems' category in the 2018 CRN Impact Awards. For a list of all finalists and further details on the awards, please head to the CRN Impact Awards hub. The awards take place during the CRN Pipeline conference. You can get more information and purchase tickets here.