Editors Note: This is part three of a three-part series. For background information, read Part 1: Business Email Compromise – 54% of Email Attacks User Display Name Deception and Part 2: DMARC Adoption Rising, but 87% of Fortune 500 Still Vulnerable to Email-based Brand Impersonation.
Brand Indicators for Message Identification (BIMI) has been adopted by 48 companies, including LinkedIn, Dropbox, Aetna, and others, in just over six months, according to data captured in Agari’s new Q4 2018 Email Fraud & Identity Deception Trends report.
For those in the know, BIMI is a standardized way for brands to display their logos online, making them easy to incorporate into email, messaging, and social media applications.
To be clear, we’re not just talking about logos displayed within email messages here. With BIMI, logos are presented within the space next to messages, in space controlled by the platform provider—offering a whole new level of visibility and brand presence for businesses. Not only do businesses get free brand impressions, but the visual impact of their outbound communications is enhanced dramatically.
But what’s even cooler is that BIMI offers built-in protections that safeguard the brand, application providers, and consumers from the growing scourge of brand impersonation fraud. Over time, the presence of a BIMI-enabled brand ID should begin to boost consumer trust that a message is truly from the brand represented—and not from an imposter.
Still, will BIMI’s early traction translate into robust adoption among other brands in the months ahead? We’d better hope so.
As it stands now, brand impersonation fraud has spiked 11x since 2014. While many of these scams are initiated through social media, 80% occur through email.
The volume of such schemes is booming. More than 6.4 billion fraudulent emails are targeted to consumers and businesses every day, with the vast majority purporting to come from brands recipients know and trust.
Usually featuring subject lines meant to create a sense of urgency—think “Password Check Required Immediately,” “Your Payment Has Been Declined,” or “A Delivery Attempt Was Made”—these malicious emails are designed to fool recipients into responding quickly, usually by clicking on an embedded link.
After entering login credentials into a phishing site, or making payments that actually go to bank accounts controlled by criminals, the results can be ruinous. Last year alone, consumers lost $172 billion through these and other online rackets.
What’s more, an impersonated brand usually has no idea any of this has happened, at least until angry customers dial up their call center. The brand typically gets blamed for the deception, despite the fact it’s a victim of the cyber attack too. From there, things can go from bad to catastrophic.
Is email really that important these days? The fact is that despite texting, social media, and other new platforms, email is 40x more effective at acquiring new customers than these other channels. And 72% of consumers say they prefer email as their primary mode of communication with brands.
In all, companies generate $40 for every $1 spent—by far the highest of any digital medium. But email-based impersonation fraud can do serious damage to this channel.
Even when a customer hasn’t been directly defrauded, publicity about scams bearing your brand identity can mean they’ll be hesitant to open the next email you actually do send. Deliverability can drop precipitously. Email open rates can collapse. And a critically-important revenue stream can be crippled.
And that’s just in the immediate aftermath. Thanks to rants in media and the negative news stories they typically point to, the scandal—though no fault of the impersonated brand—is always just a Google search away.
BIMI is designed to help neutralize this threat before it can ever happen.
BIMI was developed by the “Authindicatator’s Working Group,” a standards group made up of industry leaders that include Agari. In fact, the group is comprised of some of the same forces behind the development of the DMARC (Domain-based Message Reporting and Conformance) email authentication protocol.
First introduced in March 2018, BIMI enables brands to add their logo to outbound email that has been authenticated through the DMARC standard, so long as the domain owner has set a reject policy to ensure that only fully-authenticated emails can be delivered.
Not only does this offer a visually impactful brand presence, but the logo itself is verified by both the sender and the recipient’s email systems—so it can’t be faked.
A bank, for instance, could use BIMI to display its logo in the open area next to its messages, providing enhanced brand exposure as well as something more profound—an assurance to recipients that the message really did come from the bank.
Based on the dataset reflected in our Q4 report, Agari identified 48 distinct brands or email-sending domains that have adopted BIMI. That’s an impressive clip for a standard introduced just over six months ago—and we expect this figure to grow significantly as we continue to track adoption in coming months.
Given the fact that this standard offers free brand impressions combined with a boost in email trust makes BIMI a no-brainer for businesses looking to shut down imposters.
To learn more about the latest trends in email-based brand impersonation scams and other advanced email threats, download a FREE copy of Q4 2018 Email Fraud & Identity Deception Trends from Agari.