Sponsored: Protecting your Domain and Users from Phishing Attacks
This post is sponsored by Valimail
There’s no doubt that email is easily one of the most popular vectors for malicious attacks on your environment. That’s mainly because email is an essential part of our daily business and personal communications. A recent survey [1] showed that the total number of business and consumer emails sent and received per day exceeded 293 billion in 2019 and is estimated to grow to over 347 billion by the end of 2023. The total number of worldwide email users is expected to grow to over 4.3 billion by the end of 2023.
This ubiquitous usage makes email a primary target for hackers and cybercriminals. Typically, with an email exploit, the recipient is tricked into opening a malicious attachment or clicking a link that leads to a malicious web site. Sometimes the goal is to get the user to divulge their credentials or to supply some type of confidential data.
In other cases, the goal is to install and run malicious software on the user’s system that loads some type of malware or ransomware. Today’s COVID-19 pandemic has made this situation even more difficult: many businesses have quickly enabled remote working policies for their employees, and the systems these remote workers use don’t always have the same security and protections in place.
Common Types of Email Threats
The most common flavor of phishing email involves impersonation of brands or employees; these fake emails are designed to build a false sense of trust or urgency on the part of the recipient. Attackers use a variety of techniques to accomplish this, such as spoofing trusted domains, using fake branding, or impersonating known users, so that the target is deceived into thinking that it is an authentic email.
Deceptive phishing emails target the user by posing as a legitimate website with the goal of enticing the user to pay some sort of fee. Spear phishing emails are aimed at fooling the user into divulging their personal information and data.
According to the FBI [2], phishing attacks have caused at least $26 billion in losses in the past five years. Other sources have noted that 83% of email attacks are brand impersonations and another 6% are impersonations of people. Nearly 90% of all email attacks rely on falsely impersonating the sender’s identity.
Email Protection with DMARC
One of the best defenses that you have against email fraud is Domain-based Message Authentication, Reporting, and Conformance (DMARC). DMARC is an email protocol designed to help ensure the authenticity of the sender’s identity: DMARC protects email from spoofing, phishing and spamming by making certain that the email sender is authentic. Valimail has a free research report that dives deep into email phishing and how to use DMARC to protect your domain and users from phishing.
Domain spoofing is the core technique used by most phishers. These phishing attacks use the exact domain of the entity they’re impersonating in the From field of the phishing email message; DMARC prevents spoofing of domains by unauthorized senders. Once DMARC is enforced, a domain can only be used by authorized senders.
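To make "enforcement" concrete, the following added example (not code from Valimail or the original post) parses a DMARC TXT record, classifies it as monitoring-only or enforced, and shows how a receiver would treat a message whose From domain is not matched by an aligned SPF or DKIM pass. The function names are hypothetical, all domains and records are constructed, relaxed alignment is approximated without the Public Suffix List, and `pct` sampling is ignored when computing the disposition.

```python
# Added example. Domains and records used with it are constructed samples.

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a usable DMARC policy."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    if not parts or parts[0].replace(" ", "").lower() != "v=dmarc1":
        return None  # v=DMARC1 has to be the first tag
    tags = {}
    for part in parts[1:]:
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip().lower()
    # Simplification: a record without a valid p= tag is treated as no policy.
    return tags if tags.get("p") in ("none", "quarantine", "reject") else None


def enforcement(txt):
    """Classify a record as no-policy, monitoring, partial or enforced."""
    tags = parse_dmarc(txt)
    if tags is None:
        return "no-policy"
    if tags["p"] == "none":
        return "monitoring"  # reports only; spoofed mail is still delivered
    return "enforced" if tags.get("pct", "100") == "100" else "partial"


def aligned(from_domain, auth_domain, strict):
    """Does the authenticated domain match the domain in the From header?"""
    f, a = from_domain.lower(), auth_domain.lower()
    if strict:
        return f == a
    # Assumption: relaxed alignment approximated as a parent/child match; real
    # receivers compare organizational domains using the Public Suffix List.
    return f == a or f.endswith("." + a) or a.endswith("." + f)


def disposition(from_domain, spf_domain, dkim_domain, txt):
    """spf_domain / dkim_domain: the domain that passed that check, or None."""
    tags = parse_dmarc(txt)
    if tags is None:
        return "no-policy"
    spf_ok = spf_domain and aligned(from_domain, spf_domain, tags.get("aspf") == "s")
    dkim_ok = dkim_domain and aligned(from_domain, dkim_domain, tags.get("adkim") == "s")
    # One aligned pass is enough; otherwise the domain owner's p= applies (pct ignored).
    return "pass" if (spf_ok or dkim_ok) else tags["p"]
```

A record that classifies as "monitoring" still lets unaligned mail through, which is why the drop in spoofing attempts described below depends on reaching `p=quarantine` or `p=reject`.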
DMARC Has Proven to be Effective
The number of attempts to spoof a domain typically drops to zero or near zero within a few months after that domain is protected by DMARC enforcement. A Gartner report from March 2020 [3] states “Using a third-party tool or service to manage and implement DMARC is often the most effective way of getting to the point where emails can be rejected if they fail DMARC”.
The use of DMARC has been growing rapidly. According to Valimail, the number of domains protected with DMARC is now in excess of one million; that’s an increase of 48% over the previous year.
To learn more about how you can use DMARC to help prevent email fraud you can check out Valimail’s latest research report here.