Open Season for Phishers

August 23, 2017

A research report examining the growing threat of phishing amid slow adoption of an email authentication standard called Domain-based Message Authentication, Report & Conformance (DMARC). The research finds that 92 percent of U.S. Fortune 500 companies have left their customers, partners and brand names vulnerable to domain name spoofing, one of the most common digital deception attack vectors.

“It is unconscionable that only eight percent of the Fortune 500, and even fewer government organizations, are protecting the public against domain name spoofing,” said Patrick Peterson, founder and executive chairman, Agari. “Phishing and other forms of digital deception are preventable, and the first step is for our largest companies and organizations to deploy DMARC, a highly-effective open standard.”

DMARC emerged in 2007 from a pilot program between PayPal and Yahoo! to eliminate phishing emails. As a founding member of DMARC, Agari has worked with the largest email account hosts (AOL, Comcast, Google, Microsoft and Yahoo!) to protect the receipt of email since January 2012. DMARC virtually eliminates domain name spoofing and its associated attacks including phishing when DMARC policies are set to quarantine or reject unauthenticated email.

Agari analyzed the DMARC policies of the corporate domains of the Fortune 500, FTSE 100 and ASX 100 using the Agari DMARC Lookup Tool. Key findings from “Agari Global DMARC Adoption Report: Open Season for Phishers” include:

•Corporations are Failing to Rapidly Adopt DMARC – Only 39 (eight percent) of the companies in the Fortune 500 are enforcing DMARC with a quarantine or reject policy. An additional 124 (24 percent) have adopted a minimal DMARC policy that monitors, but does not prevent domain name spoofing, while 337 companies (67 percent) have not adopted DMARC at all. DMARC adoption rates are similarly weak among companies in the United Kingdom’s FTSE and Australia’s ASX 100.

•DMARC Dramatically Decreases Digital Deception – Agari demonstrates how DMARC prevented delivery of more than 100 million fraudulent email messages in 24 hours.

•Early Adopters Have Realized the Benefits of DMARC – Within the Fortune 500, only the business services, financial, technical and transportation sectors have a majority DMARC adoption rate. Generally, these are the sectors that have seen digital deception compromise email, credit cards and bank accounts, among other valuable accounts. The financial sector, in particular, has taken a proactive approach to protecting itself from these types of attacks, with organizations including Financial Services Information Sharing and Analysis Center (FS-ISAC) and BITS, the technology policy division of the Financial Services Roundtable (FSR).

“DMARC is an essential tool that helps prevent spam, phishing and data loss,” said Shehzad Mirza, Director of Operations of Global Cyber Alliance. “GCA urges organizations of all sizes to embrace this technology standard to eliminate direct domain spoofing.”

Terms of Use | Copyright © 2002 - 2017 CONSTITUENTWORKS SM  CORPORATION. All rights reserved. | Privacy Statement