Worse, even if you get an email from your mastodon instance (or ANY web service), an authorized SMTP system could have been hijacked and the link directed to a phishing page, potentially even hosted on a hijacked subdomain.
Layers and layers of caution are required whenever you are prompted to take an unusual action.
https://mstdn.social/@stux/109603992325592066
sтυx🎄 (@[email protected])

⚠️ WARNING! ⚠️ I just received this email in a catch-all that was addressed to a user. Mastodon does NOT send such mails, and this leads to a malicious login page! Please make sure you are on the correct instance URL before logging in! Also make sure the emails are sent from the instance you are on! Often this email can be found on the /about page #Mastodon

NOTE: Humans reduce their ability to detect/resist fraud when under time pressure. See how the email puts the victim under duress by threatening to delete messages, so that they act as quickly as possible. This is a huge red flag that will help you if you know to look for it in attacker communications (or life in general), because attackers know this is a shortcut to better results.
At my work we are planning for this kind of nightmare scenario by moving to tightly-governed and logged SMTP relays. It will take a lot of work, but giving vendors SPF/DKIM, although it MUST be done in the interim as soon as possible so you can get DMARC to enforcement, is a blank check when you are an incredibly sensitive service/huge target.
Most should not worry about this; there are a hundred things more important, but understand the exposure.

@SwiftOnSecurity #DMARC can definitely be a PITA to implement, particularly for large organizations with many domains and email sources, but it is well worth the pain. That's why I wrote a complete guide and open source software to send DMARC reports to #Splunk and #Elasticsearch. I included pre-made dashboards too.

https://seanthegeek.net/459/demystifying-dmarc/

https://domainaware.github.io/parsedmarc/

Demystifying DMARC: A guide to preventing email spoofing

Learn how the SPF, DKIM, DMARC email authentication standards work together to prevent unauthorized email spoofing — and how to use open source tools to deploy DMARC for free

seanthegeek.net
@seanthegeek @SwiftOnSecurity DMARC certainly is a test of an org's domain governance.
There are some quick wins.
1) Just getting the report set up without enforcement provides great visibility.
2) Slapping a simple reject policy on any parked domains protects them from being abused.
@gregthomson @SwiftOnSecurity Absolutely! #DMARC is also a fantastic tool for uncovering "shadow IT": the undocumented and/or unauthorized services used by different parts of your organization.
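The two quick wins above (report-only visibility that surfaces unknown senders, and a real reject policy on domains that should never send) as an added Python example; this is not code from the thread or from parsedmarc. The aggregate (RUA) report, domain and IP addresses are constructed, and the inventory of known sending IPs is an assumed input.

```python
import xml.etree.ElementTree as ET

# Constructed sample DMARC aggregate (RUA) report for a made-up domain;
# only the fields this example reads are included.
SAMPLE_REPORT = """<?xml version="1.0"?>
<feedback>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>120</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated>
    </row>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>35</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
    </row>
  </record>
</feedback>"""

def summarize_rua(xml_text):
    """Return {source_ip: {"count": n, "aligned": bool}}; policy_evaluated already
    reflects identifier alignment, so 'aligned' means every row passed SPF or DKIM."""
    root = ET.fromstring(xml_text)
    summary = {}
    for rec in root.findall("record"):
        row = rec.find("row")
        pe = row.find("policy_evaluated")
        passed = pe.findtext("dkim") == "pass" or pe.findtext("spf") == "pass"
        entry = summary.setdefault(row.findtext("source_ip"), {"count": 0, "aligned": True})
        entry["count"] += int(row.findtext("count"))
        entry["aligned"] = entry["aligned"] and passed
    return summary

def unknown_senders(summary, known_ips):
    """Unaligned sources outside your inventory: shadow-IT or spoofing candidates to investigate."""
    return sorted(ip for ip, e in summary.items() if ip not in known_ips and not e["aligned"])

def parse_dmarc(txt):
    """Parse a DMARC TXT record ('tag=value; tag=value') into a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = v.strip()
    return tags

def is_enforcing(txt):
    """True only if spoofs are actually acted on: p=reject/quarantine with pct not lowered."""
    t = parse_dmarc(txt)
    return t.get("v") == "DMARC1" and t.get("p") in ("reject", "quarantine") and t.get("pct", "100") == "100"
```

A parked domain's record such as `v=DMARC1; p=reject` passes `is_enforcing`, while the monitoring-only `p=none` record you start with does not, which is the intended first step before moving to enforcement.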