The vast majority of the UK’s top 50 most valuable brands are leaving their customers wide open to email fraud and phishing attacks by failing to implement security industry standards to protect them from scammers.
According to an investigation carried out by cybersecurity platform Red Sift, 86% of these brands are not using Dmarc (Domain-based message authentication, reporting and conformance), an email protocol globally acknowledged as the only way to guarantee the legitimacy of an email’s sender.
Dmarc not only prevents scammers from impersonating the user’s domain, but also ensures far higher levels of email deliverability to intended recipients and is widely acknowledged as a bellwether for the cybersecurity health of an organisation.
The snapshot study focused specifically on determining whether or not these industry giants were able to prevent email scammers from hijacking their own brand domains, given that in 2017 almost half of all phishing emails were targeted at consumers.
The company insists that the findings serve as a stark warning to brands and consumers alike about the continued need to remain vigilant of email threats and take appropriate action to prevent such scams from occurring in the first place.
Only 14% of these top brands had the Dmarc protocol in place and configured appropriately, while a further 4% had implemented Dmarc but not to the tightest level, meaning spoofed messages could still make it into recipients’ spam folders.
“While it’s simple for consumers to spot hoax emails with spelling and grammatical errors, or a nonsensical email address, fraudulent emails originating from legitimate email domains are much harder to identify,” said Randal Pinto, co-founder and chief operations officer at Red Sift. “It is estimated that 86% of organisations rely on email as their primary channel for consumer communication. It’s time they took it upon themselves to protect their customers from phishing attacks that hijack their branding and domain to dupe the recipient.”
Related stories
Firms warned over new wave of nefarious cyber attacks
UK firms ‘leaving themselves wide open to ransomware’
Rehab camps to turn hackers into cybersecurity experts
Data breaches ‘hit shares, sales and growth for years’
25 million UK adults in the dark over theft of their data
Bargain hunters urged not to get hooked by phishing