Most brands do not have the appropriate measures to fully protect their customers from email fraud, it’s claimed.
A study by cyber firm Red Sift looked at whether the UK’s top 50 most valuable brands’ email domains were able to prevent email scammers from hijacking their own brand domains, given that in 2017 almost half of all phishing emails were targeted at consumers. The firm warns about the continued need to remain vigilant of email threats and to act to prevent such scams in the first place.
Randal Pinto, co-founder and COO, Red Sift, said: “While it’s simple for consumers to spot hoax emails with spelling and grammatical errors, or a nonsensical email address, fraudulent emails originating from legitimate email domains are much harder to identify. 86 per cent of organisations rely on email as their primary channel for consumer communication[2]. It’s time they took it upon themselves to protect their customers from phishing attacks that hijack their branding and domain to dupe the recipient.”
The results were gleaned by reviewing the domains of the top UK brands and analysing which were using DMARC (Domain-based Message Authentication, Reporting and Conformance), an email protocol acknowledged as the only way to guarantee the legitimacy of an email’s sender, the cyber firm says. DMARC not only prevents scammers from impersonating the user’s domain, but also ensures far higher levels of email deliverability to intended recipients. DMARC is widely acknowledged as a bellwether for the cybersecurity health of an organisation – the protocol can be done without the work required by many other security products on the market, making the omission of a secure DMARC policy from a security strategy an indication of the business’s cybersecurity posture.
According to Red Sift only 14pc of these top brands had the DMARC protocol in place and configured appropriately, while a further 4pc had DMARC but not to the tightest level, meaning spoofed messages could still make it into recipients’ spam folders.
Pinto added: “We are slowly losing confidence in the legitimacy of marketing emails as the threat of phishing attacks increase. It’s time for organisations to align brand safety with cybersecurity and take proactive steps to ensure the correct protocols are in place, so that not only do emails reach their intended recipients but with high-scoring sender reputation, organisations aren’t blacklisted and consigned to the junk folder.”
