Impostor email attacks that seek to defraud recipients through email fraud and credential phishing are becoming more sophisticated. Cybercriminals are progressively taking on more identities that are trusted by individuals within organizations. These threats have moved beyond “whaling” tactics, or CEO-to-CFO spoofing, and are now targeting individuals deeper within organizations and across various business units. Proofpoint’s own extensive research found that during each of the first two quarters of 2017, an average of 12 people were targeted by email fraud within any given organization. That’s a 50% increase over each of the previous quarters.
Cybercriminals are also increasingly spoofing an organization’s trusted business partners or vendors. In fact, the same research demonstrates that companies with more complex supply chains (e.g. manufacturing) are targeted by email fraud more often. And the news headlines of recent partner spoofing attacks demonstrate the impact that a few highly targeted, socially engineered emails can make. These email attacks, which often don’t include a malicious payload and so bypass traditional security tools, end up in the inbox – leaving the unsuspecting victim as the organization’s last line of defense.
The good news is that a large percentage of these email attacks are preventable by implementing DMARC (Domain-based Message Authentication, Reporting & Conformance) authentication. Email authentication brings trust back to business communications by ensuring that senders are who they say they are. Organizations can take back control of the email sent on their behalf by creating a policy that instructs email receivers on what to do with email that fails authentication. In doing so, you’re protecting not only your brand reputation but also your customers, business partners, and vendors.
Locking down their own email domains is crucial, but organizations should also be able to validate all of the email received at the gateway to protect their employees from BEC, partner spoofing, and other impostor email attacks. This includes email sent from within the same organization and email sent from outside entities, such as business partners or vendors within the supply chain. When configured for DMARC enforcement, the receiving email gateway honors the authentication policy created by the sender to deliver legitimate email and block any fraudulent messages before they reach the inbox.
Proofpoint Email Fraud Defense helps organizations implement email authentication efficiently and safely. We have announced a new integration with Proofpoint’s Email Protection gateway that expands the visibility, tools, and services that Email Fraud Defense provides to help organizations protect their employees, customers, and partners. With Email Fraud Defense, organizations can identify and authorize all legitimate senders – both those who send email on the organization’s behalf and those who send email to its employees – and block impostor email attacks across their email ecosystems. Learn more about the 360-degree visibility that organizations get with Proofpoint Email Fraud Defense: https://www.youtube.com/watch?v=fP1NZvdaHMQ&t=58s