Open Season for Phishers
August 23, 2017
research report examining the growing threat of
phishing amid slow adoption of an email authentication standard
called Domain-based Message Authentication, Reporting & Conformance
(DMARC). The research finds that 92 percent of U.S. Fortune 500
companies have left their customers, partners and brand names
vulnerable to domain name spoofing, one of the most common
digital deception attack vectors.
• Corporations are Failing to Rapidly Adopt DMARC – Only 39 (eight percent) of the companies in the Fortune 500 are enforcing DMARC with a quarantine or reject policy. An additional 124 (24 percent) have adopted a minimal DMARC policy that monitors, but does not prevent, domain name spoofing, while 337 companies (67 percent) have not adopted DMARC at all. DMARC adoption rates are similarly weak among companies in the United Kingdom’s FTSE and Australia’s ASX 100.
• DMARC Dramatically Decreases Digital Deception – Agari demonstrates how DMARC prevented delivery of more than 100 million fraudulent email messages in 24 hours.
• Early Adopters Have Realized the Benefits of DMARC – Within the Fortune 500, only the business services, financial, technical and transportation sectors have a majority DMARC adoption rate. Generally, these are the sectors that have seen digital deception compromise email, credit cards and bank accounts, among other valuable accounts. The financial sector, in particular, has taken a proactive approach to protecting itself from these types of attacks, with organizations including Financial Services Information Sharing and Analysis Center (FS-ISAC) and BITS, the technology policy division of the Financial Services Roundtable (FSR).