How to Detect that Your Domains are Being Abused for Phishing by Using DNS

The Dutch Tax and Customs Administration deals with criminals claiming to be representatives of the organization and contacting the public with phishing e-mails every day. By using several standard defined in RFC's, we have developed a technique to identify phishing attacks that are carried out under our disguise. We will discuss protocols such as: STARTTLS, SPF including advanced options, DKIM, DMARC, DANE and MTA-STS. Finally, we present a framework we have developed that gives you more insight in these phishing attacks. We firmly believe that if these techniques are used everywhere, it would lead to a significant decresease of phishing e-mails.

Details

time: 14:50
speakers:

Other sessions:

Upping the Game and Closing the Loop: Cyber Training Innovation to Counter Skill Scarcity and Improve Analysis


We Are Going to Kill Passwords (or at Least Try)


Mnenomic Phrases and Derivation Paths: Challenges and Solutions


A Novel Approach to Defensible Privileged Information Filtering


Phishing Domain Detection using AI


Solved || Dissolved: National Security in a Digital Society