UK financial services and retailers have been deemed to be an “easy target” when it comes to taking action to stop cybercriminals targeting their customers by exploiting their brand name via email.
According to the Q3 TrustIndex from Agari, which for the first time independently offered data on UK companies, of 11 vertical industries and 16 UK companies examined, only four companies (Sainsbury’s, Rental Cars, Wonga and KBC Bank) were deemed to be making an effort to protect users.
Covering the period from July to September 2014, the index found that the companies deemed to be doing the best job were social media companies and online retailers, with online payment services close behind.
Patrick Peterson, CEO and founder of Agari, told IT Security Guru that the index usually looks at how well brands are protecting their customers and the general consensus is that it is bad. “We go out and look at the domains and crawl the domain name server and come up with a score for simplicity and we deem that if there is a low score, they are an easy target,” he said.
“If a company does everything right, then an attacker will not succeed in defrauding the customers and will succeed in stopping someone from clicking on an email.”
Peterson said that in the UK, three-quarters of companies were not doing anything and a third of the European “mega banks” were not taking any steps. Asked why they were doing so badly, Peterson said: “In the US they are ranked fifth out of the 11 vertical sectors, and in Europe they are doing badly as they are often old companies, but we have started working with them.”
To derive the TrustScore, Agari looked at the highest-volume email-sending domains for all 16 companies and analysed their implementation of email authentication standards, including SPF, DKIM and DMARC.
To improve the score, Peterson recommended supporting email with comprehensive email authentication that includes SPF, DKIM and DMARC.
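The kind of DNS-based check described above can be sketched for SPF and DMARC as follows. This is an added example, not Agari's TrustScore method: the record set, the `*.example` domains, the function names and the result labels are all constructed for illustration. DKIM is left out because its key record can only be looked up once the sender's selector is known.

```python
# Constructed TXT records; the *.example names are placeholders, not real domains.
SAMPLE_TXT = {
    "strict.example": ["v=spf1 include:_spf.strict.example -all"],
    "_dmarc.strict.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@strict.example"],
    "monitor.example": ["v=spf1 ip4:192.0.2.0/24 ~all"],
    "_dmarc.monitor.example": ["v=DMARC1; p=none; rua=mailto:dmarc@monitor.example"],
    "open.example": ["site-verification=constructed-value"],
}

SPF_QUALIFIERS = {"-": "hardfail", "~": "softfail", "?": "neutral", "+": "pass-all"}


def spf_status(txts):
    """Classify a domain's SPF record by the qualifier on its 'all' mechanism."""
    records = [t for t in txts if t.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "missing"
    if len(records) > 1:
        return "invalid-multiple"  # RFC 7208: several SPF records is a permerror
    for term in records[0].lower().split()[1:]:
        if term.lstrip("+-~?") == "all":
            return SPF_QUALIFIERS[term[0] if term[0] in SPF_QUALIFIERS else "+"]
    return "no-all"  # no explicit 'all' mechanism (the record may use redirect=)


def dmarc_policy(txts):
    """Return the p= policy of the DMARC record, or why none applies."""
    records = [t for t in txts if t.strip().lower().startswith("v=dmarc1")]
    if not records:
        return "missing"
    if len(records) > 1:
        return "invalid-multiple"  # RFC 7489: receivers then apply no policy
    tags = {}
    for part in records[0].split(";"):
        key, _, value = part.partition("=")
        if key.strip():
            tags[key.strip().lower()] = value.strip().lower()
    policy = tags.get("p")
    return policy if policy in ("none", "quarantine", "reject") else "invalid"


def assess(domain, txt=SAMPLE_TXT):
    """'enforced' means the policy asks receivers to quarantine or reject failing mail."""
    spf = spf_status(txt.get(domain, []))
    dmarc = dmarc_policy(txt.get("_dmarc." + domain, []))
    return {"spf": spf, "dmarc": dmarc, "enforced": dmarc in ("quarantine", "reject")}


if __name__ == "__main__":
    for name in ("strict.example", "monitor.example", "open.example"):
        print(name, assess(name))
```

To run it against a domain you operate, replace `SAMPLE_TXT` with the TXT records returned for the domain and for its `_dmarc.` subdomain.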