As a general rule, the stronger your suppliers’ security, the lower the risk to you. If people in your organization are regularly talking to contacts from an unsecured domain, then you’re going to want to know about it sooner rather than later.
How does it work?
OnINBOX Manager lets you quickly identify high volume email traffic that could indicate a mass phishing attack, or unsecured communication with a highly engaged supplier. This article will take you through how to identify and prioritize such suspect traffic quickly and effectively to protect your employees.
What could go wrong?
If a cybercriminal sends an email impersonating a familiar supplier claiming they’ve updated their payment processes with new account details, then OnINBOX will flag that this person isn’t actually who they say they are and you would expect the recipient to report this email. However, OnINBOX Manager means security teams don’t have to rely on individual reports to identify potential threats.
Spot the weak links in 3 easy steps
Filter out the good and sort by the highest volume of email traffic.
Check for suppliers and suspicious traffic from unknown companies.
Reveal who in your organization is being targeted.
1. Filter out the good and sort by the highest volume of email traffic.
At the top of the Supply Chain dashboard in Current View, check Traffic is selected as shown below (this view is the last 30 days by default):
This means your dashboard is now showing a centralized view of all the security results of scanned emails (for Authentication, Content and Trust) in your selected time period.
Now navigate to the ‘Network [DMARC]’ graph and hover over the colourful status icons in the top right hand corner to make the Filter by DMARC menu appear as shown below:
In this menu select No DMARC. You’re now looking at all companies without DMARC in place within your organization's communications network. In other words, unsecured email traffic because these domains are most vulnerable to being spoofed.
It’s also good to note that the domains filterable by Monitoring Mode are also a priority as they can be spoofed too! This is because the organization is monitoring the problem, but hasn’t yet taken any steps to configure their email security and protect their domain.
The size of the bubble represents the volume of emails, so the larger the bubble the greater the volume of email traffic. This visualization clearly highlights the companies engaging the most with employees.
2. Check for suppliers and suspicious traffic from unknown companies.
To further evaluate the different companies scroll down to the All Traffic table below. This is a list of the same companies within the ‘No DMARC’ network visual you just filtered above. In this list view you can quickly sort by Highest Received at the top of the table as shown below:
By surfacing these companies in the All Traffic Table you can quickly determine which companies aren’t protecting themselves against email impersonation and send the most email traffic (starting from the top). Remember, if the company isn’t protected by DMARC then cybercriminals can use this to their advantage to trick you and your colleagues into believing they’re someone familiar and carrying out a malicious request disguised as a regular business request, such as paying a fake invoice.
What to look out for:
Are any of these suppliers? If yes, you’ll want to use the Analyzer tool inside your OnDMARC account to verify a full breakdown of their email security before reaching out to have these standards enforced and your business communications secured.
Is this an unfamiliar company? If this company isn’t on your list of known suppliers then you’ll want to investigate why they’re sending such a high volume of emails that could be impersonated. In fact, these are common characteristics of a mass phishing attack and you’ll want to investigate this as soon as possible!
Is the domain sending an unexpected volume of a certain type of traffic? The Topic and Action columns display the type of email that has been detected. If a company is unexpectedly sending Transactional emails, for example, then someone may be using their domain to carry out phishing attacks.
3. Reveal who in your organization is being targeted.
Let’s look into the domain at the top of your list. This company is sending the most emails from an unsecured domain. Without DMARC in place you’ll want to know who in your organization they’re talking to which can help you get the information you need, faster.
You can do this by clicking view, next to the domain name which will open a list of the people these emails are being sent to as shown below:
Alternatively, if you want to investigate the domain further you can use the search bar at the top of your dashboard and enter the domain name in ‘Search (domain/user email)’ which will display traffic results over time in the History graph.