Red Sift, a data-driven cybersecurity platform, has published new research into the email domains of the UK’s top 50 most valuable brands, revealing that, with the GDPR deadline looming, 86% of these brands do not have the appropriate measures in place to fully protect their customers from email fraud.
The snapshot study focused specifically on determining whether or not these industry giants were able to prevent email scammers from hijacking their own brand domains, given that in 2017 almost half of all phishing emails were targeted at consumers[1]. The finding serves as a stark warning to brands and consumers alike about the continued need to remain vigilant against email threats and take appropriate action to prevent such scams from occurring in the first place.
“While it’s simple for consumers to spot hoax emails with spelling and grammatical errors, or a nonsensical email address, fraudulent emails originating from legitimate email domains are much harder to identify,” said Randal Pinto, co-founder and COO, Red Sift. “86% of organisations rely on email as their primary channel for consumer communication[2]. It’s time they took it upon themselves to protect their customers from phishing attacks that hijack their branding and domain to dupe the recipient.”
The results were gleaned by reviewing the domains of the top 50 UK brands and analysing which were using DMARC (Domain-based Message Authentication, Reporting and Conformance), an email protocol globally acknowledged as the only way to guarantee the legitimacy of an email’s sender. DMARC not only prevents scammers from impersonating the user’s domain, but also ensures far higher levels of email deliverability to intended recipients. DMARC is widely acknowledged as a bellwether for the cybersecurity health of an organisation – the protocol can be implemented without the heavy lifting required by many other security solutions on the market, making the omission of a secure DMARC policy from a security strategy a clear indication of the business’s cybersecurity posture.
The results showed that only 14% of these top brands had the DMARC protocol in place and configured appropriately, while a further 4% had implemented DMARC but not at the tightest level, meaning spoofed messages could still make it into recipients’ spam folders.
“We are slowly losing confidence in the legitimacy of marketing emails as the threat of phishing attacks increases. It’s time for organisations to align brand safety with cybersecurity and take proactive steps to ensure the correct protocols are in place, so that not only do emails reach their intended recipients but with high-scoring sender reputation, organisations aren’t blacklisted and consigned to the junk folder,” continued Pinto.
Recent research from Phishme.com (now Cofense) shone a light on the problem of phishing attacks – the study revealed 91% of cyber attacks start with email impersonation. And now with GDPR less than a month away, it’s vital that organisations bolster their cyber defences to demonstrate they are safeguarding their customers’ data to avoid the sizeable fines. Implementing DMARC shows the organisation has taken the relevant steps to prevent data loss via phishing.
With analysts estimating 3.8 billion email users by 2019, Red Sift is calling for marketers and brands to implement quick and effective measures to ensure their digital communications and customers are safe.
[1] https://www.wombatsecurity.com/blog/2018-state-of-the-phish-phishing-data-insights-and-advice
[2] https://www.wordstream.com/blog/ws/2017/06/29/email-marketing-statistics
Research methodology: Red Sift conducted the study in May 2018, using the following domains: