Retail Trails Other Sectors in Adopting DMARC for Phishing Prevention

Armen Najarian February 26, 2019 DMARC

Recent research by the Agari Cyber Intelligence Division finds that the retail industry is dead last among major sectors in adopting and enforcing DMARC email authentication. This leaves their email channel vulnerable to brand impersonation attacks.

While the United States government leads in full DMARC enforcement policy, with 81% of its domains meeting the strictest DMARC standard, over 60% of retail domains surveyed between October and December 2018 had no DMARC record at all.

This is surprising, given what is at stake for retail brands, shareholders, and customers. The losses for all can be enormous.

Email Attacks: Rising Fast, Making Headlines, Hurting Brands

During the last quarter of 2018, Amazon and Netflix made headlines when their customers were targeted by phishing scams designed to steal customer data. But, here’s the rub. Both Netflix and Amazon have DMARC implemented. The cybercriminals have simply moved on to more advanced tactics, such as look-alike domains. Of course, Agari solutions address look-alike domain spoofing, but a vanilla DMARC setup does not.

DMARC does authenticate domains under the organization’s control. Without it, scammers can start exploiting a company’s domains to send predatory emails. When that happens, legitimate messaging can suffer too. Email receiver systems may send legit emails to spam folders or reject them outright. Emails that do make it to the inbox may be deemed untrustworthy by customers who fear being phished or who’ve already been scammed and blame the brand. And as marketers know, once deliverability and click-through rates decline, so does ROI.

Here at Agari, we’ve found that when organizations enforce the strictest level of DMARC policy, the rate of brand impersonation phishing attacks plummets to near zero—often in a matter of weeks. With DMARC, email receiver systems can verify which messages are authentic, so retailers stay out of the news when it comes to phishing attacks, and consumers grow to trust the brand messages in their inbox.
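As an added illustration (not code from this article or from Agari), the sketch below sorts the TXT strings found at `_dmarc.<domain>` into enforcement tiers like those the survey distinguishes, from no record at all through `p=reject`. The tier names, sample domains, and records are constructed assumptions; the tag-handling rules follow RFC 7489.

```python
# Added example: classify DMARC TXT records by enforcement tier (RFC 7489 rules).
VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(txt):
    """Return the tag dict for one TXT string, or None if it is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    tags = {}
    for part in parts:
        name, sep, value = part.partition("=")
        if sep:
            tags.setdefault(name.strip().lower(), value.strip())
    # The record must begin with the exact version tag v=DMARC1.
    first = parts[0].partition("=") if parts else ("", "", "")
    if first[0].strip().lower() != "v" or first[2].strip() != "DMARC1":
        return None
    return tags

def classify(txt_records):
    """Map the TXT strings found at _dmarc.<domain> to an enforcement tier."""
    records = [t for t in map(parse_dmarc, txt_records) if t is not None]
    if not records:
        return "no-record"
    if len(records) > 1:
        return "invalid-multiple-records"  # receivers apply no DMARC policy
    tags = records[0]
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        # RFC 7489 6.6.3: treated as p=none only when a rua target exists.
        return "monitor-only" if tags.get("rua") else "invalid-policy"
    pct = int(tags["pct"]) if tags.get("pct", "").isdigit() else 100
    if policy == "none":
        return "monitor-only"
    if pct < 100:
        return f"partial-{policy}"  # policy applied to only a share of mail
    return policy  # "quarantine" or "reject"; reject is the strictest

SAMPLES = {  # constructed domains and records, not survey data
    "shop.example": [],
    "brand.example": ["v=DMARC1; p=none; rua=mailto:dmarc@brand.example"],
    "store.example": ["v=DMARC1; p=reject; pct=25"],
    "agency.example": ["v=spf1 -all", "v=DMARC1; p=reject; rua=mailto:r@agency.example"],
    "dup.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
}

def survey(samples=SAMPLES):
    return {domain: classify(txt) for domain, txt in samples.items()}

if __name__ == "__main__":
    print("\n".join(f"{d:16} {t}" for d, t in survey().items()))
```

Only the `reject` tier with no `pct` reduction tells receivers to refuse every unauthenticated message that uses the domain; `monitor-only` and `partial-reject` still let spoofed mail through.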

Full Email Protection Requires DMARC and More

As dramatic as the drop in phishing is with full DMARC implementation, DMARC alone can’t fully protect brands from the ever-growing list of threats to the email channel. Like most other businesses, retailers find themselves under attack.

Last year, more than 90% of organizations surveyed said they were victims of attempted business email compromise. That’s not surprising, considering BEC scams rose by 60% during 2018, with nearly twenty-three new brand-impersonation email attacks every minute. Email account takeover attacks also rose by 126% in 2018.

This is why we have taken a more holistic approach with the Secure Email Cloud™. To protect your brand, we automate the implementation of DMARC to accelerate time to reject. Our solutions also augment the standard with technologies that fight look-alike domains and help take down phishing sites that target your brand. This helps keep your customers safe and preserves the reputation of your brand on email.

And to combat threats targeting your organization, Agari Phishing Defense uses intelligence extracted from the roughly 2 trillion emails we analyze annually to stop business email compromise, executive spoofing, account takeover, and other attacks with high efficacy, ensuring that emails targeting your employees never reach the inbox.

The Agari Phishing Response product takes this further. It gives SOC analysts the ability to prioritize employee-reported phishing incidents, perform impact analysis, and then quickly conduct triage and remediation. For Microsoft Office 365, it can even physically remove threats from the inbox.

Retail Can—and Must—Catch Up Quickly

Seemingly the only thing blocking retailers from accomplishing these goals is the business imperative and will. Focusing on DMARC, other sectors have proven that gains can happen fast.

Because of a mandate called BOD 18-01, the executive branch of the United States government brought 81% of its domains into full DMARC compliance in just one year after the Department of Homeland Security ordered its implementation. And while the healthcare sector overall ranks second-to-last in overall DMARC policy adoption, Agari’s healthcare customers made huge DMARC gains in 2018, moving from last to second place.

These cases are good news for retailers who want to move quickly to adopt DMARC and advanced email security. They also show why the time to move on DMARC is now. As government, finance, healthcare, and other sectors become harder targets, fraudsters will turn their attention to softer targets—and right now retail is the softest email target of all.

Retailers need to act now to safeguard their brand reputations, top-line revenue, and shareholder value. A comprehensive solution, including DMARC authentication for outbound threats and protection against advanced inbound attacks, is available now. It’s easy to implement, and it can have massive ROI for those companies that depend so heavily on a reliable email channel.

Read the Q1 2019 Email Fraud & Identity Deception Trends report to learn more about how DMARC enforcement can protect your brand from domain spoofing.
