Three Common Misconceptions About Phishing

At Return Path, we talk to all kinds of people about email fraud—from marketing managers to Chief Information Security Officers. Often, we confront some of the same misconceptions.

So, we thought it might be useful to our audience if we debunk three of the most common misconceptions about phishing attacks here on our blog:

1. People should be the first line of defense against phishing attacks.

Companies around the world invest millions in employee and customer email security education. But despite this investment, email fraud is on the rise. In the first quarter of 2016, the Anti-Phishing Working Group (APWG) observed more phishing attacks than at any other time in history

Why? Because most people—97 percent, according to Intel—cannot identify a sophisticated phishing attack. And nearly 50 percent of recipients open phishing emails and click on malicious links within the first hour.

Your first line of defense should always be technology, not people. Email authentication is the best way to protect your customers, employees, and bottom line from email fraud.

2. Implementing a DMARC “reject” policy protects the email channel from all phishing attacks.

Luckily, many of our prospects and clients already understand the critical need for email authentication. They look to us for help implementing a DMARC (Domain-based Message Authentication Reporting and Conformance) “reject” policy on all of their owned domains. (For a refresher on what DMARC is and how it works, read this post.)

But once a “reject” policy is in place, your company is not fully protected from email fraud. Cybercriminals will find other ways to spoof your brand—by manipulating the Display Name, using “look-alike” domains, spoofing your brand in the subject line, and much more. To identify and mitigate the impact of phishing attacks beyond the reach of DMARC, you must leverage email threat intelligence.

3. Email security is the responsibility of the IT and security teams alone.

The impact of email fraud permeates the entire business. It destroys brand trust, drains capital, and reduces the performance and ROI of legitimate email campaigns.

After a phishing campaign, both users and mailbox providers don’t know what to trust and often flag legitimate emails as spam. Return Path found that one in five phishing attacks negatively impacts the deliverability of a brand’s marketing emails and one in three phishing attacks results in reduced subscriber engagement.

The solution to such a universal problem cannot be achieved in a silo.

Executives from teams across the business must unite to create and implement a common email security defense strategy founded on the latest advancements in technology and email threat intelligence. The IT and marketing teams should be at the helm of this collaboration, guiding the group to:

  • Identify the customer and security risks involved in the email channel
  • Outline solutions to these risks
  • Invest in an email defense strategy that protects the customer, the brand, and the bottom line from email fraud

Have you heard any other misconceptions? Or do you have any questions? Add them in the comments section below—we’d love to hear from you.

For step-by-step instructions on protecting your email channel, check out our Email Authentication Kit.

minute read

Popular stories



BriteVerify email verification ensures that an email address actually exists in real-time


The #1 global data quality tool used by thousands of Salesforce admins


Insights and deliverability guidance from the only all-in-one email marketing solution

GridBuddy Cloud

Transform how you interact with your data through the versatility of grids.

Return Path

World-class deliverability applications to optimize email marketing programs

Trust Assessments

A revolutionary new solution for assessing Salesforce data quality


Validity for Email

Increase inbox placement and maximize subscriber reach with clean and actionable data

Validity for Data Management

Simplify data management with solutions that improve data quality and increase CRM adoption

Validity for Sales Productivity

Give your sales team back hours per day with tools designed to increase productivity and mitigate pipeline risks in real-time