DMARC@ICICI Bank - ReBIT Operational Excellence Webinar Series
Domain-based Message Authentication, Reporting & Conformance (DMARC) is a powerful tool for combating email frauds such as phishing, email spoofing, and ransomware. This webinar series explores the benefits of DMARC implementation, providing insights into enhancing customer trust and protecting against evolving email threats. It covers the key learnings and best practices for implementing DMARC effectively in your organization.
Presentation Transcript
DMARC@ICICI Bank. ReBIT - Operational Excellence Webinar Series (DMARC). Bhavin B. Bhansali (bhavin.bhansali@icicibank.com), DGM, Information Security Group, ICICI Bank Ltd. May 11, 2017
Common email frauds: Phishing; Business email compromise; Ransomware; Data breach; Scams
...and email spoofing makes it more legit: E-mail spoofing is the forgery of an e-mail so that the message appears to have originated from someone other than the actual source.
DMARC in action: DMARC - Domain based Message Authentication, Reporting & Conformance
Benefits of DMARC (email protection using DMARC). Increase in: Customer & employee protection against email frauds; Customer trust; Insight to evolving email threat landscape. Reduction in: Senior mgmt. escalation; Bank's liability for phishing emails; Customer service cost; Phishing fraud/remediation cost
Phishing email sample (2/2). Source - http://www.incometaxindia.gov.in/
Phishing website. Source - http://www.incometaxindia.gov.in/
Approach for DMARC implementation
Domain identification: Identify all cust. domains; Identify the key domains from cust. risk perspective; Seek confirmation from all business units on outsourced email arrangements
DMARC implementation: Move to DMARC monitoring mode; Ensure DMARC record is implemented for all mail servers sending emails for the domain; Move to DMARC quarantine/block mode
Integration with monitoring controls: Integrate DMARC data feeds with anti-phishing process; Integrate DMARC data feeds with Fraud Management System/SIEM
Key learnings - DMARC implementation: Ensure appropriate collaboration of implementation, email & biz teams; Ensure outsourced email service arrangements are inventorised; Update the email domain induction process; Review the evolving modus operandi of fraudsters; Regularly review that no genuine emails are blocked. Best things come in small packages
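An added example, not part of the original presentation, for the monitoring-mode step of the approach and the "no genuine emails are blocked" learning: it reads a DMARC aggregate report (RFC 7489 XML) and separates failing inventoried senders from unknown failing sources, which are either spoofing or a sender missing from the inventory. The sample report, the sender inventory, the function names and all addresses are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the RFC 7489 aggregate-report layout (trimmed to the
# fields used here). example.com and all IP addresses are placeholders.
SAMPLE_REPORT = """<feedback>
 <policy_published><domain>example.com</domain><p>none</p></policy_published>
 <record><row><source_ip>192.0.2.10</source_ip><count>120</count>
  <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row></record>
 <record><row><source_ip>198.51.100.7</source_ip><count>40</count>
  <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
 <record><row><source_ip>198.51.100.7</source_ip><count>10</count>
  <policy_evaluated><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row></record>
 <record><row><source_ip>203.0.113.99</source_ip><count>15</count>
  <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
</feedback>"""

# Hypothetical inventory of approved senders, including outsourced providers.
KNOWN_SENDERS = {"192.0.2.10": "bank mail gateway",
                 "198.51.100.7": "outsourced statement mailer"}

def failing_sources(report_xml, known_senders):
    """Return per-IP DMARC failures, labelled by whether the sender is inventoried."""
    # Reports come from external receivers: in production parse them with a
    # hardened XML parser (for example defusedxml) instead of plain ElementTree.
    root = ET.fromstring(report_xml)
    totals = defaultdict(lambda: {"passed": 0, "failed": 0})
    for row in root.iterfind("record/row"):
        evaluated = row.find("policy_evaluated")
        # DMARC passes when aligned DKIM or aligned SPF passes.
        ok = evaluated is not None and "pass" in (
            evaluated.findtext("dkim"), evaluated.findtext("spf"))
        totals[row.findtext("source_ip")]["passed" if ok else "failed"] += int(
            row.findtext("count", "0"))
    findings = []
    for ip, t in sorted(totals.items()):
        if t["failed"]:
            action = "fix_sender_auth" if ip in known_senders else "investigate_unknown"
            findings.append({"source_ip": ip, "action": action, **t})
    return findings

def ready_to_enforce(findings):
    """Quarantine/block is safe only once no inventoried sender is failing."""
    return all(f["action"] != "fix_sender_auth" for f in findings)

if __name__ == "__main__":
    for finding in failing_sources(SAMPLE_REPORT, KNOWN_SENDERS):
        print(finding)  # one event per failing source, ready to forward to a SIEM
```
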
Thank you (bhavin.bhansali@icicibank.com)