Recent security findings have revealed that 80% of Fortune 500 companies have been vulnerable to email-based attacks. The reason is the slow adoption of DMARC in the H1 of 2020.
DMARC stands for ‘Domain-based Message Authentication, Reporting & Conformance’. It is a standard email authentication, policy, and reporting protocol. It secures email domains against cyber criminals activities.
According to the security analysis of DMARC adoption trends worldwide, around 20% of organizations adopted DMARC in the first half of 2020. It further revealed that:
- From March to June 2020, there has been a 3000% increase in email-based attacks exploiting the COVID-19 pandemic.
- 66% of these email-based attacks were brand impersonations.
- These attacks exploited big names like World Health Organization (WHO) and the Centers for Disease Control (CDC).
- On average, 90% of undetected email-based attacks successfully make it to the inboxes of employees. Shockingly, this happens for every verified malicious email that is reported by an employee.
- 31% of US customers were attacked with pandemic-themed phishing emails.
- The year 2020 has seen slower DMARC adoption as compared to the 85% growth in 2019.
Scammers send 3.1 billion emails from spoofed domains every day, according to Forbes. In fact, over 90% of cyber attacks are attempted with emails. Email scams have cost $26 billion over the last 6 years, says FBI.
The Rapidly Increasing Email-based Attacks
The Media Post published an article on June 09, 2020. It discussed how cybercriminals have leveraged COVID-19 to increase email spoofing attacks.
It stated that the U.S. leads have expected an increase in the web and email spoofing attacks with 55% on alert. This was followed by the UK with 54% and Saudi Arabia and UAE with 53%.
The article also discussed how security researchers surveyed 1,025 IT decision-makers. While 97% of them were aware of DMARC, only 28% of those implemented it in their organizations.
In this ongoing pandemic, emails have become the prime vector for attempting cyber crimes. Cyber threat actors exploit emails by spoofing email domains of legitimate sources to launch phishing, ransomware, and other cyber attacks.
There has been a huge spike in impersonation attacks such as BEC attacks. Whereas, there was a 30% increase in the first 100 days of the occurrence of COVID-19.
Even in our blog ‘Middle East Hit By A Wave Of Phishing Attacks In Q2 Of 2020’, we discussed how email-based attacks have become more sophisticated.
Organizations need to understand the cruciality of implementing standard email authentication protocols. Email spoofing, spamming, BEC attacks, phishing attacks, etc., are on the rise due to a lack of security practices and policies.
In this new normal where employees are still working remotely, IT decision-makers should take the necessary initiatives. They should employ standard email authentication protocols like DMARC, SPF, and DKIM primarily.
How must Organizations Secure their Email Domain?
Organizations can secure their email domain against domain forgery by implementing a DMARC configuration tool. For this, TDMARC is the most trusted industry-leading email authentication and anti-spoofing tool.
This tool is developed and designed to monitor all three outbound email authentication protocols i.e. DMARC, SPF, and DKIM. TDMARC secures the email domain against email spoofing, spamming, BEC attacks, etc.
TDMARC Offers Following Features:
- Customizable Threat Summary: Get the email domain threat summary at any time as per your requirement.
- Email Channels Insight: Gain full insight into email channels, including third-party emails and abuse.
- SMART DMARC: Set DMARC in a click-through TDMARC dashboard without the need to revisit the DNS.
- SMART SPF: Alter IPs and email sources in the SPF record through the dashboard sans the need to visit the DNS.
- Alerts & Reports: Recieve automated alerts and reports of threat details through emails.
- IAM (Identity Access Management): Control user access to critical information within the organization.