20 Phishing Emails Beyond DMARC's Reach

As a founding member of DMARC (Domain-based Message Authentication Reporting and Conformance), Return Path is excited about how the standard has reshaped the email fraud landscape by disrupting longstanding phishing strategies, and forcing cybercriminals to abandon preferred targets.

But while we’ve had the privilege of helping our customers realize the success of DMARC first hand—one of our financial services clients was able to block 96% of all fraudulent traffic spoofing their domains—we also know that DMARC alone isn’t enough.

Email Threats Beyond DMARC
While DMARC will protect your sending domains from being spoofed, it will not address brand spoofing email attacks. Brand spoofing attacks originate from domains outside of an organization’s ownership and control, including look-alike domains or other domains unrelated to the company’s brand.

Last month, Return Path released a whitepaper analyzing 760,000 email threats targeting 40 of the world’s largest brands. In this report, we found that nearly half of all email threats spoofed the brand in the “Display Name.” This is important because mail clients and mobile devices often only reveal the “Display Name” portion of a message to the end user, making it easier for the average consumer to fall victim to brand spoofing attacks. When 97% of people globally can’t correctly identify a sophisticated phishing email, brand spoofing threats simply cannot be ignored.

10 Global Brands Under Attack
The examples below highlights phishing emails, targeting 10 global brands, that are not addressable by DMARC. Attacks like these, beyond DMARC’s reach, make up 70% of all email-borne threats and highlight the fact that a multi-layered security strategy is the best defense against phishing.

Visibility is a critical pillar to that defense strategy, and email threat intelligence is the best way to get it. Brands that use DMARC and email threat intelligence together can act quickly to eliminate the impact of email fraud.

Here are 20 email threats beyond DMARC’s reach:

Airbnb

screen_shot_2015_10_12_at_12_44_08_pm

screen_shot_2015_10_12_at_12_44_15_pm

Chase

screen_shot_2015_10_12_at_12_46_02_pm

screen_shot_2015_10_12_at_12_46_08_pm

Lloyds Bank

screen_shot_2015_10_12_at_12_47_58_pm

screen_shot_2015_10_12_at_12_48_03_pm

Apple

screen_shot_2015_10_12_at_12_47_25_pm

screen_shot_2015_10_12_at_12_47_33_pm

Dropbox

screen_shot_2015_10_12_at_12_49_53_pm

screen_shot_2015_10_12_at_12_49_58_pm

Facebook

screen_shot_2015_10_12_at_12_51_49_pm

screen_shot_2015_10_12_at_12_51_54_pm

Deutsche Bank

screen_shot_2015_10_12_at_12_53_28_pm

screen_shot_2015_10_12_at_12_53_33_pm

Danske Bank

screen_shot_2015_10_12_at_12_54_12_pm

screen_shot_2015_10_12_at_12_54_17_pm

SunTrust Bank

screen_shot_2015_10_12_at_12_55_18_pm

screen_shot_2015_10_12_at_12_55_24_pm

PayPal

screen_shot_2015_10_12_at_12_56_12_pm

screen_shot_2015_10_12_at_12_56_18_pm

minute read

Popular stories

Products

BriteVerify

BriteVerify email verification ensures that an email address actually exists in real-time

DemandTools

The #1 global data quality tool used by thousands of Salesforce admins

Everest

Insights and deliverability guidance from the only all-in-one email marketing solution

GridBuddy Cloud

Transform how you interact with your data through the versatility of grids.

Return Path

World-class deliverability applications to optimize email marketing programs

Trust Assessments

A revolutionary new solution for assessing Salesforce data quality

Solutions

Validity for Email

Increase inbox placement and maximize subscriber reach with clean and actionable data

Validity for Data Management

Simplify data management with solutions that improve data quality and increase CRM adoption

Validity for Sales Productivity

Give your sales team back hours per day with tools designed to increase productivity and mitigate pipeline risks in real-time