Phishing: Today’s Big Security Problem, Tomorrow’s Big Marketing Problem
Phishing attacks are becoming more sophisticated and more common. Recent analysis reveals that an increasing amount of potentially fraudulent email is attributed to prominent global brands across a spectrum of industries. In addition to posing security risks and eroding consumer trust, email fraud may threaten targeted brands' ability to reach their customers.
According to the latest figures from Return Path, roughly 9% of email appearing to come from leading brands during Q4-2014 and Q1-2015 was deemed suspicious, meaning the messages' true origin could not be authenticated. In all cases, the messages were sent from third-party IP addresses not known to have permission to send email on the brands' behalf. While this doesn't always indicate email fraud, suspicious messages are considered more likely to put recipients at risk.
In this analysis, all of the brands included use the DMARC standard to see suspicious mail attributed to them. The standard also allows them to stop suspicious messages from reaching consumers. Of 235 billion messages evaluated during the six-month span, 21 billion were classified as suspicious and potentially fraudulent. And while the proportion of suspicious mail peaked at 13% during the holiday season, it remained elevated — near 10% throughout Q1-2015. That means that billions of messages that seem to come from international financial services providers, top-tier retailers, major airlines, and government agencies may in fact be sent by cyber criminals.
Frequently the organizations whose names are used in attacks like these don't find out about them until customers alert them, often by flooding call centers. This adds another set of costs to the scramble to fix the damage done to customer relationships. Brands that use authentication-based solutions, including the DMARC standard, can detect these threats before they reach customers, but reducing the expense of clean-up may become a tangential benefit if mailbox providers treat DMARC adoption as a requirement for inbox placement.