The Cybercrime is placed in the current and future top 10 risks globally(1) and the cost of Cybercrime is predicted to reach $ 8 trillion in 2023, while it is projected to hit an annual $10.5 trillion by 2025. If it were measured as a Country, then Cybercrime would be the world’s third largest economy after U.S. and China(2).
Phishing e-mails are leading the current ranking of top Cybersecurity threats. These e-mails usually exploit spoofing techniques, i.e. the creation of messages with a fake sender address.
In many cases, typosquatting, i.e. deliberately typing errors that could trick the recipients, is used to spoof e-mail addresses.
For example: saipem.com à saipen.com; salpem.com
However, advanced spoofing techniques can make it almost impossible for users to distinguish a legitimate message from one sent by a fake sender.
To improve the security of its own communications, for every Saipem domain, Saipem uses three protocols that work together to ensure the validity and reliability of an e-mail message:
- SPF (Sender Policy Framework): lets the domain owner authorise IP addresses that are allowed to send email for the domain. Receiving servers can verify that messages appearing to come from a specific domain are sent from servers allowed by the domain owner.
- DKIM (Domain Keys Identified Mail): adds a digital signature to every sent message. Receiving servers use the signature to verify that messages are authentic and weren't forged or changed during transit.
- DMARC (Domain-based Message Authentication, Reporting, and Conformance): tells receiving mail servers what to do when they get a message that appears to be from your organisation, but doesn't pass authentication checks, or doesn’t meet the authentication requirements in your DMARC policy record.
Saipem recommends that all potential recipients of e-mail messages that look like they come from one of the mentioned domains always check the SPF, DKIM and DMARC records and reject all communications that do not pass these checks.
Saipem considers the adoption of these protocols in e-mail communications strategic and advises all the companies in its supply chain to adopt them
To report any cases of communications that try to mimic companies of the Saipem group, please write to whistleblowing@saipem.com .
1 – World Economic Forum (WEF) – 2023 Global Risks Report
2 – Cybersecurity Ventures – 2022 Official Cybercrime Report