Every day, hackers send out over 3.5 billion fake emails worldwide, targeting companies with spear-phishing and spoofing attacks. Most companies remain vulnerable to these phishing attacks simply because they’re not implementing industry-standard authentication protocols. The vast majority of these suspicious emails were found to come from U.S.-based sources. Spear-phishing, as distinguished from regular phishing scams, is a targeted attempt to steal sensitive information such as account credentials or financial information from a specific victim, often for malicious reasons.
However, it’s not all bad news: ongoing research indicates that many industries are making progress in the fight against impersonation, some more quickly than others.
Implementing widely accepted email authentication standards can mitigate the fake email problem, which is not easily blocked by traditional cybersecurity defenses. These email authentication standards should include Domain-based Message Authentication, Reporting, and Conformance (DMARC), Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM), as well as new standards such as Authenticated Received Chain (ARC) and Brand Indicators for Message Identification (BIMI).
Research findings from the first quarter reveal that 1.2 percent of all email is suspicious and likely fake, which represents at least 3.4 billion fake emails every day. Also, nearly 80% of all inboxes worldwide, representing 5.34 billion inboxes, undergo DMARC checks on inbound email. DMARC has already proven to be effective in preventing fake emails from reaching inboxes. Success rates with DMARC remain close to 20 percent in most categories, largely because the solution is difficult to configure and maintain for large enterprises, although almost 740,000 domains are now using DMARC. As a result, many domain owners have looked for third-party DMARC vendors to implement the solution for them. The DMARC solutions offered to buyers have widely varying rates of success, and the time required to get to enforcement also varies widely.
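What "getting to enforcement" looks like at the level of the published DNS record, as an added example that is not part of the original article or the research it cites. It assumes the common usage that a domain is at enforcement when its DMARC policy is quarantine or reject applied to all mail; the function names, domains and records are constructed for illustration.

```python
# Added example: classify DMARC TXT records (RFC 7489 tag syntax) by enforcement.
# Domains and records below are constructed samples, not data from the article.
POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    tags = {}
    for i, part in enumerate(parts):
        name, sep, value = part.partition("=")
        name, value = name.strip().lower(), value.strip()
        if not sep or (i == 0 and (name, value) != ("v", "DMARC1")):
            return None          # v=DMARC1 must be the first tag
        tags.setdefault(name, value)
    return tags or None

def enforcement_status(txt):
    """'enforced', 'partial', 'monitoring', or 'invalid' for one TXT record."""
    tags = parse_dmarc(txt)
    if tags is None:
        return "invalid"
    policy = tags.get("p", "").lower()
    pct = tags.get("pct", "100")  # pct defaults to 100 when absent
    if policy not in POLICIES or not pct.isdecimal() or int(pct) > 100:
        return "invalid"         # missing/misspelled p= or bad pct=: fix the record
    if policy == "none":
        return "monitoring"      # reports only; spoofed mail is still delivered
    return "enforced" if int(pct) == 100 else "partial"

def enforcement_rate(records):
    """Fraction of domains whose record is fully enforced."""
    if not records:
        return 0.0
    hits = sum(enforcement_status(r) == "enforced" for r in records.values())
    return hits / len(records)

SAMPLE_RECORDS = {  # constructed examples
    "example.com": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "example.net": "v=DMARC1; p=quarantine; pct=25",
    "example.org": "v=DMARC1; p=reject; sp=reject;",
    "misordered.example": "p=reject; v=DMARC1",
    "typo.example": "v=DMARC1; p=rejct",
}

if __name__ == "__main__":
    for domain, rec in SAMPLE_RECORDS.items():
        print(f"{domain:24} {enforcement_status(rec)}")
    print(f"at enforcement: {enforcement_rate(SAMPLE_RECORDS):.0%}")
```

The two invalid samples show how a domain can publish a record and still not be protected: a misordered or misspelled tag means receivers find no usable policy.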
Researchers used proprietary data from an internal analysis of billions of email authentication requests and nearly 20 million publicly accessible records to compile this global view of the email fraud landscape. They confirmed that email impersonation is a phisher’s primary weapon for gaining access to an organization’s network, systems, intellectual property and other sensitive assets.
A security researcher said in a statement that it remains clear that fake emails from hackers, phishers and other cyber criminals constitute the major source of cyberattacks. A robust approach to sender identification and authentication is needed to make email more trustworthy, once and for all.