Brightball

Articles about Phishing

How Microsoft Became Phishing's Biggest Enabler

Security | Email | DMARC | - February 23, 2023 // Barry

It might sound strange to hear that Microsoft, a company that goes to great lengths to protect computers and networks, is one of the biggest contributors to phishing and fraud on the planet. Unfortunately, it's true.

They aren't actually committing the acts themselves of course, but they are enabling the problem by withdrawing support for standards designed to help stop it. Here's why this is such a big deal.

UPDATE 4/12/2023: After years, Microsoft is finally fixing this by honoring p=reject. This is a huge improvement and deserves to be applauded. The work isn't done though. We need aggregate reports to avoid blind spots during our implementation. Offering the reports for enterprises is a great step though.

The Time I Accidentally Ended Up Combatting Fraud for a Year

Rails | Security | Email | DMARC | - February 10, 2023 // Barry

Lately, I’ve been spending a lot of time enjoying the Darknet Diaries podcast and it’s compelled me to finally share the entire story of the most intense year of my 20-year professional career. I was the sole developer hired by a company going through a circus-like ownership transition while criminals actively worked to defraud the 300,000 users of this 14-year-old, high-end marketplace.

We experienced late nights, numerous technical challenges, high emotions and death threats; we worked with abuse response teams and learned a lot of lessons about phishing and fraud; and at least one person lost a business that depended on the site. Here’s the story from start to finish, including how to prevent many of these problems on your own site. Buckle up.

Waste Spammers Time to Kill Their Return on Investment

Business | Security | - July 30, 2022 // Barry

Continuing our series from 2012 where I accidentally ended up combating phishing and fraud for a year, we move on to the spam issue. Everything that happened that year was an exercise in triage. Problems were everywhere on the system and in the marketplace. The site I was working on was the leader in a niche space, but it wasn't just the phishers who tried to capitalize on the chaos; it was our competitors too.

Spam takes a time investment and every time investment is a business decision. If you can't stop it completely, you can at least dramatically increase their costs...and have fun doing it.

Deploying DMARC Without Breaking Everything

Security | Email | DMARC | - July 23, 2022 // Barry

Too scary? Messing with the configuration on your domain email is scary, especially if you're already sending a lot of it. You have to worry that you're going to screw something up and break all of the email communications for the entire company.

That's what I was worried about when I first rolled this out and had no idea what I was doing. One of the reasons I'm such a big advocate for DMARC today is that it was painless, easy and involved no risk at all.

Combating Phishing with DMARC

Security | Email | DMARC | - July 18, 2022 // Barry

Email shouldn't feel like a dark art, but to a lot of people it does. Everyone should have DMARC set up by this point, but they don't. Here's the first piece of a 3-part guide covering why it works and how to set it up.

Since writing about how to reverse account takeovers last week, I've decided to write a security series covering all the weird things I encountered back in 2012, when I accidentally ended up combating phishing and fraud for a year. In the last article, the first recommendation was to set up DMARC. So let's take a deeper look at why, how and what's involved in long-term management once it's set up.

Automatically Reversing Account Takeovers

Security | Email | DMARC | - July 11, 2022 // Barry

Today, Brian Krebs reported on account takeovers happening at Experian, one of the 3 major credit agencies. The first step after getting account access is to lock out the account owner, usually by swapping the email address. 10 years ago I dealt with this problem extensively, so I'd like to share how to solve it.

Phishing Leaves a DMARC Trail

Email | DMARC | - August 7, 2018 // Barry @ A.P.W.G.

In May I had the opportunity to present at the Anti-Phishing Working Group (APWG) Conference after spending some time cross-referencing the APWG's eCrime Exchange data with dmarcian's historic DMARC reports to see if we could identify consistent patterns among known bad actors, as well as potentially identifying a wider scope to the attacks than any single entity could see. The results were interesting!

Protecting Users from Phishing and Fraud Presentation

Security | Email | DMARC | DNS | - April 2, 2015 // Barry @ Upstate PHP

This presentation covers my experiences combatting phishing and fraud using DMARC and assorted other techniques in a large eBay-like platform for a niche market...when the site previously did everything over direct user email...for over a decade. Good times.