Two cybersecurity companies, Agari and Farsight Security, published a report that revealed that 90% of brands fall prey to domain name fraud. At the same time, Farsight Security discovered that 99% of the sites in its study didn’t use DMARC, an important email authentication protocol that Gmail and some governments have already deployed for their email systems to lower email fraud and phishing attempts.
DMARC - Important Against Domain Spoofing
Without DMARC authentication, malicious actors can impersonate legitimate companies in the emails they send as spam to internet users. The users would see the “sender email” as a legitimate-looking email address, such as “firstname.lastname@example.org,” even though the email would have nothing to do with PayPal, in this case.
Malicious actors can steal users’ credentials by sending them in to fake PayPal log in pages, too, or by sending them email attachments infected with malware. Many users may open these attachments because they would trust the legitimate-looking “source.”
Patrick Peterson, founder and executive chairman, Agari said:
Email and phishing remain a top source of cyber-attacks and data breaches. This groundbreaking report provides compelling evidence of the successes of DMARC adoption in protecting customers and brands, driving phishing rates near zero. However, with DMARC enforcement at only 27% of those firms who have adopted DMARC, it also shows how few enterprises have put these proven controls in place.
The research by Agari and Farsight Security found that healthcare is the most targeted industry by phishers right now. Over 92% of healthcare domains have been targeted by domain name spoofing. In fact, the majority of emails (58%) that appear to be sent by healthcare companies are actually sent by malicious actors. This not only endangers patients, but also lowers their trust in healthcare providers in general. Only between 10% and 20% of the healthcare companies use DMARC authentication for their domains.
The research also found that the government sector is the second most attacked industry, with 87% of the domains being targeted. Over 12% of the emails that appear to be sent by the U.S. government are malicious, which is significantly higher than the global average of 3%.
As we’ve seen in other reports, phishing is a thriving industry for malicious actors. This is in part because companies don’t authenticate their domains, email providers don’t enforce that authentication, and also because it’s quite an effective way to get someone’s credentials or infect them with malware if the attackers can send the victim an email that looks legitimate.