DMARC Helps HMRC in Blocking 300 Million Phishing Emails

Last year, taxpayers in UK are hit by phishing emails of around half billion. However, HMRC is saying that they have made massive progresses to protect them by moving on to DMARC.

HMRC is first department of government who implement fully DMARC (Domain-based Message Authentication, Reporting and Conformance) protocol. DMARC implementation is compulsory for the public sector bodies as a part of active cyber defense programme, which is led by NCSC (National Cyber Security Centre) of UK.

In September, Infosecurity reported that GDS (Government Digital Service) of Cabinet Office's just mandated that strongest DMARC policy as default for the email services from October 1st.

The DMARC protocol helps to protect against spam and phishing by authenticating the incoming email. Infosecurity-magazine.com posted on November 28th, 2016, that by using DMARC, HMRC so far this year has blocked 300 Mn phishing emails as explained by Ed Tucker, Cybersecurity Head.

It is largely focused on fixing underlying infrastructure protocols, finding and then blocked the malicious activity, improving the email security, filtering out the malicious domains, helping the government and important national infrastructure improve the security practices, as well as encouraging new ways for online authentication.

The NCSC expects that all departments will run DMARC protocol without delay for removing malicious emails which appear to have come from the government.

For making phishing emails of HMRC look more genuine, the criminals usually spoof, or else masquerade, as genuine domains of HMRC, most of the times @HMRC.gov.uk. Tucker said that the cyber security team of HMRC was working for tackling the issue by "gradually implementing security controls across all of our email domains".

Cabinet Office mandated for all the government sites to use HTTPS and HSTS, in an effort to help protecting against the Man in the Middle and various other attacks.

However, there is still more work to perform inside the government for improving cybersecurity. They replied to over 3 lac phishing referrals of customers. They have also instigated takedown of over 14,000 fake websites, which were trying to gather customer data.

The NAO (National Audit Office) slammed "chaotic" approach of Whitehall by arguing that several bodies are there with the overlapping security responsibilities, which causes difficulty in finding where to go for the advice.

» SPAMfighter News - 12/2/2016