Nickel email example

Sample email: Nickel

newsletter

Sender: Nickel
(no-reply@fr.communications.nickel.eu)
Subject: Thwarting the traps of fraudsters
Preheader: Learn to spot the signs

Why this choice?

For this month of May, I have selected and analyzed an email from Nickel! Why this choice? Quite simply because it addresses a topical issue, namely the numerous attempts at identity theft (cf. phishing) and theft of confidential/personal data.

But what is Nickel?

As you may have guessed, this is an online bank (or neobank)!

Recently, I received an email in my Outlook inbox with the subject line "Outwit fraudsters". What better occasion to analyze this email and check whether all the authentication mechanisms (SPF / DKIM / DMARC / BIMI) have been put in place... The last straw would be if it were not all NICKEL 😉

The pluses that caught my attention:

As with every analysis, I start with the points that caught my attention: the authentication and the content of the email.

SPF / DKIM / DMARC authentication: It's perfect that way! Only one domain (fr.communications.nickel.eu) is used for authentication, which means that SPF and DKIM are fully aligned with the sending domain! The SPF record has a STRICT qualifier (-all) with a restricted number of IPs (only 1 netblock allowed, i.e. 256 IPs maximum), the DKIM signature is made with the sending domain and the DMARC record is restrictive. In short, it's nickel chrome 🙂

However, we could go further in the DMARC record by adding a STRICT alignment policy, since the use of this domain is very restricted. This would reinforce the security of this sender domain. This would give:
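To show what a strict alignment policy changes in practice, here is an added Python example (written for this page, not from the original post and not Nickel's published record). It parses a DMARC record and evaluates SPF/DKIM identifier alignment in relaxed and strict mode; the two records, the sibling subdomain and the two-label organizational-domain shortcut are constructed assumptions.

```python
# Added example: DMARC identifier alignment, relaxed vs strict (RFC 7489).

def parse_dmarc(record: str) -> dict:
    """Parse a DMARC TXT record into a tag dict, applying the RFC defaults."""
    tags = {"adkim": "r", "aspf": "r"}  # alignment defaults to relaxed
    for part in record.split(";"):
        if "=" in part:
            key, _, value = part.partition("=")
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def org_domain(domain: str) -> str:
    """ASSUMPTION: the last two labels stand in for a Public Suffix List lookup."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict ('s') needs an exact match; relaxed ('r') only the same
    organizational domain, so any subdomain of it aligns."""
    a, b = from_domain.lower().rstrip("."), auth_domain.lower().rstrip(".")
    if mode == "s":
        return a == b
    return org_domain(a) == org_domain(b)

def dmarc_pass(record, from_domain, spf_domain=None, dkim_domain=None) -> bool:
    """DMARC passes when at least one authenticated identifier aligns with From.
    spf_domain / dkim_domain are the domains that already passed SPF / DKIM
    (None means that mechanism failed or was absent)."""
    tags = parse_dmarc(record)
    spf_ok = spf_domain is not None and aligned(from_domain, spf_domain, tags["aspf"])
    dkim_ok = dkim_domain is not None and aligned(from_domain, dkim_domain, tags["adkim"])
    return spf_ok or dkim_ok

# Constructed records for illustration, not the domain's real DNS data.
RELAXED = "v=DMARC1; p=reject"
STRICT = "v=DMARC1; p=reject; adkim=s; aspf=s"
SENDER = "fr.communications.nickel.eu"  # From domain shown on this page
SIBLING = "sibling.nickel.eu"           # hypothetical sibling subdomain

if __name__ == "__main__":
    for name, rec in (("relaxed", RELAXED), ("strict", STRICT)):
        print(name,
              "| same domain:", dmarc_pass(rec, SENDER, SENDER, SENDER),
              "| sibling subdomain:", dmarc_pass(rec, SENDER, SIBLING, SIBLING))
```

With the relaxed default, mail authenticated by any subdomain of the same organizational domain still passes DMARC for this sender; with `adkim=s; aspf=s` only the exact sending domain does.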

Email content: The email theme is in line with current cyber events (cf. the numerous thefts of customer data from certain brands), so Nickel has once again got it right!

The email could be broken down into 2 parts. The first is a game of 10 mistakes to be found in a capture of a fake Nickel email (the answers are on a dedicated page via a link below the image)... Perhaps it would have been better to use an animated gif? (a suggestion from expert Marion Duchatelet, which in my opinion would have been an excellent idea too)... The second part concerns good practices to be checked before any action (and not necessarily only on the email :p). It includes a list of the sender domains used by Nickel, and a reminder that a Nickel advisor will never ask for sensitive banking information...

The minuses that caught my attention:

As for the points for improvement in this Nickel email, I've picked out 2:

BIMI authentication: BIMI is the big absentee in authentication, and yet for the banking sector, I would have thought Nickel had thought of it! Especially since Nickel is eligible for BIMI... Admittedly, since Microsoft doesn't support BIMI (maybe one day, who knows!), I wouldn't have seen the logo in my inbox anyway. On the other hand, users of Gmail, Yahoo, La Poste or SFR would benefit from the logo being displayed in the inbox (and thus the blue checkmark of Gmail or the purple checkmark of Yahoo), which would ultimately reinforce the user experience with the brand, but also the legitimacy and security of the sending domain.

BIMI logo

Dark mode: Even though the email reads very well in dark mode, I still notice poor visibility of the logo, which is black on a very dark gray background.

Nickel logo

How do you feel about this Nickel e-mail? Do you also receive such e-mails from your bank or other organizations?
Please visit our page dedicated to our e-mail selections and analyses 🙂

Enjoy your reading!

This email was selected by Sébastien Fischer