The retail/service industry was the most-targeted by phishing attacks in the fourth quarter of 2014, according to APWG, with payment services close behind.
Implementing a DMARC (Domain-based Message Authentication, Reporting & Conformance) record can be a game-changing step for these heavily attacked retail companies, as this story from a large US retailer and Return Path client shows.
In 2014, this company suffered from a major email security problem. Its main sending domain was hijacked to send more than 600,000 suspicious messages (either spam or phishing) per week. Cybercriminals were using this well-known and historic brand name to steal credit card numbers, passwords, and other private information from customers.
But the brand didn’t have a policy in place to identify and block these threats. In addition, large numbers of their legitimate emails weren’t getting through because of sub-optimal authentication protocols.
The DMARC solution
To reduce the fraud associated with this brand’s main sending domains, Return Path helped implement the email authentication standard DMARC.
DMARC ensures that legitimate email authenticates properly against the established DKIM and SPF standards, and that fraudulent activity appearing to come from domains under the organization’s control (active email domains, non-sending domains, and defensively registered domains) is blocked.
In partnership with the world’s largest consumer mailbox providers, Return Path interprets regular authentication reports to reveal what email is authenticating, what email is not, and why.
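The kind of report reading described above, as an added example (not Return Path's tooling and not code from the original post): it parses a constructed DMARC aggregate report in the RFC 7489 XML layout and lists, per sending IP, whether mail passed DMARC and why it did not. The function name `summarize`, the sample domains and the IP addresses are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the aggregate-report XML layout of RFC 7489, Appendix C.
# Domains and IPs are documentation placeholders, not data from the case study.
SAMPLE_REPORT = """<feedback>
 <record>
  <row><source_ip>192.0.2.10</source_ip><count>950</count><policy_evaluated>
   <disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
  <identifiers><header_from>example.com</header_from></identifiers>
  <auth_results><dkim><domain>example.com</domain><result>pass</result></dkim>
   <spf><domain>example.com</domain><result>pass</result></spf></auth_results>
 </record>
 <record>
  <row><source_ip>198.51.100.7</source_ip><count>120</count><policy_evaluated>
   <disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  <identifiers><header_from>example.com</header_from></identifiers>
  <auth_results><spf><domain>mailer.example.net</domain><result>pass</result></spf></auth_results>
 </record>
 <record>
  <row><source_ip>203.0.113.99</source_ip><count>4000</count><policy_evaluated>
   <disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  <identifiers><header_from>example.com</header_from></identifiers>
  <auth_results><spf><domain>example.com</domain><result>fail</result></spf></auth_results>
 </record>
</feedback>"""

def summarize(xml_text):
    """One dict per reporting source, failing sources first, largest volume first."""
    rows = []
    for rec in ET.fromstring(xml_text).iter("record"):  # reports are untrusted input
        header_from = rec.findtext("identifiers/header_from")
        verdicts = {m: rec.findtext(f"row/policy_evaluated/{m}") for m in ("dkim", "spf")}
        why = []
        for mech in (m for m, v in verdicts.items() if v != "pass"):
            results = rec.findall(f"auth_results/{mech}")
            if not results:
                why.append(f"{mech}: no result reported")
            for r in results:
                domain, raw = r.findtext("domain"), r.findtext("result")
                why.append(f"{mech}: passed for {domain}, not aligned with {header_from}"
                           if raw == "pass" else f"{mech}: {raw} for {domain}")
        rows.append({"source_ip": rec.findtext("row/source_ip"),
                     "count": int(rec.findtext("row/count")),
                     "dmarc_pass": "pass" in verdicts.values(), "why": why})
    return sorted(rows, key=lambda r: (r["dmarc_pass"], -r["count"]))

if __name__ == "__main__":
    for row in summarize(SAMPLE_REPORT):
        print(row)
```

In the sample, the second source is a sender whose SPF passes for its own domain but is not aligned with the From domain, while the third fails authentication for the brand's domain outright; separating those two cases is what lets a domain owner fix legitimate senders before moving to a blocking policy.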
Thanks to Return Path, this retail giant gained full visibility into its email ecosystem, and can now block email attacks purporting to be legitimate before they reach the inbox.
The DMARC policy yielded profound results: