Study: 21 Billion Messages Appearing to Come from Top Brands Deemed Suspicious

Phishing costs companies around the globe $4.5 billion each year, and attacks are increasing in frequency and sophistication.

A recent study by Return Path underscores just how prevalent fraud against unprotected brands might be in mailboxes around the world.

We examined more than 200 billion messages attributed to 157 large global brands between Q4-2014 and Q1-2015 to look for suspicious emails, or emails that failed DMARC authentication, which is designed to verify the legitimacy of email senders.

Here’s a summary of our findings:

Suspicious Emails Detected

  • Potentially fraudulent or suspicious messages made up 9% of all email messages
  • In March, 11% of all email messages were deemed suspicious
  • During December’s peak volume, 13% of messages were deemed suspicious


Most Targeted Industries

  • Financial services brands were most likely to have messages classified as suspicious: 11% of email attributed to these brands could not be authenticated.screen_shot_2015_06_04_at_3_57_49_pm

Phishers Favor Parent Domains

  • The bulk of the suspicious messages (94% of all messages seen across all brands) came from parent domains (e.g.,
  • Some individual brands saw the opposite trend, especially when they promoted subdomains in their customer experience and advertising. Nearly one-third (31%) of brands had more suspicious mail attributed to subdomains than to their parent domains.

You can read the complete study here.

The first step to fighting email fraud is to implement DMARC. Download our “Getting Started with DMARC” guide to find out how to prevent cybercriminals from spoofing your brand.

Prev Next

minute read

Popular stories