
Many Brands Are Vulnerable to Email Attacks

Chinese fraudsters recently stole $18.6 million from the Indian unit of Italian engineering company Tecnimont SpA. They used a scam that involved creating emails that looked nearly identical to the emails from the company’s CEO, Pierroberto Folgiero. So reports The Economic Times.

The emails were sent to the head of the Indian unit and provided instructions for transmitting money to a special bank account to pay for a pending acquisition. The fraudsters even impersonated the CEO during bogus conference calls during which the fictitious acquisition was discussed. After the money was wired to the account, the scammers withdrew it within minutes.

Email integrity is crucial for digital marketing on a variety of fronts. Email scams can cause the general public to become distrustful of the medium, which obviously could greatly complicate marketers’ efforts to reach potential customers.

At the same time, brands themselves can fall victim to email scams that can cost millions of dollars in addition to potential embarrassment.

Despite those concerns, a substantial portion of American corporations and public sector organizations, including the White House, have failed to implement DMARC, or Domain-based Message Authentication, Reporting and Conformance. DMARC is an email-validation system designed to detect and prevent email spoofing, or the use of forged sender addresses that are often used in phishing and email spam.

Debate over the merits of DMARC exists, but advocates of the system maintain it can go a long way in helping to reduce risks associated with email fraud. DMARC is a fairly complicated system. It includes standards for screening out suspicious emails and it also provides a framework for communicating those standards to senders of emails.

More specifically, it specifies whether emails must meet the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) standards, both of which seek to weed out bogus emails. One description, which may be oversimplified, explains that DMARC pings an email sender's domain to ensure that the email sender is in fact affiliated with the domain.

Late last year, AGRI reported that adoption of DMARC has been rising, with 51% of Fortune 500 companies having embraced the security program.

AGRI provides cloud-based technology that uses predictive artificial intelligence to stop advanced email attacks. It notes that even though many companies have embraced DMARC, only 13% have set up the DMARC enforcement policies needed to activate protection through the program.

In addition, out of 283 million registered public domains recently assessed, only a small number have implemented enforcement policies. The White House also appears vulnerable, having failed to comply with an order issued 15 months ago by the Department of Homeland Security that states all federal agencies must implement DMARC, reports The Washington Post.

Not everyone is convinced, however, that the benefits of DMARC justify the amount of work required to implement the program. In a column in Nextgov, Eyal Benishtim, who is the founder and chief executive officer of email security company IRONSCALES, maintains that DMARC isn’t a bulletproof program.

In his view, DMARC can help fight advanced phishing attacks, but it doesn’t protect against the more common scams that use display name spoofing and domain impersonations. With that in mind, he believes implementing DMARC may give individuals and organizations a false sense of security.

Mailsploit, which is a collection of bugs that are distributed by email and then inserted into email clients to allow sender spoofing and code injection attacks, can slip past DMARC safeguards. Mailsploit is one of the newest and more dangerous forms of email threats. The bugs have been found in Apple Mail, Mozilla Thunderbird, various Microsoft email clients, Yahoo! Mail and others.

Email security is also a social issue in the sense that employees need to be trained on how to recognize and respond to suspicious emails.
