Search Close
Email Security Blog

Spear Phishing Prevention

Agari October 10th, 2013 Email Security
Fallback Featured Image

Perhaps you saw an article from Forbes on the increasing prevalence of spear phishing attacks that we included. The article, entitled “Spear Phishing 101 – Who Is Sending You Those Scam Emails And Why?” examines the social engineering aspect of these attacks and how they have morphed from more obviously fake emails to sophisticated attacks that exactly mimic the kind of email that you see everyday and are socially trained to respond to quickly, with little to no thought. No wonder that companies are spending time and money on programs to train their employees to avoid being victims of spear phishing attacks and accidentally leaking organization information in the process. However, as we have seen from other studies, it is often the top executives at a company, and thus the biggest targets of spear-phishing attacks (whaling, it’s called at the exec level) that are the most lax about following security protocols.

So what else can be done?

There is an important emerging standard called Domain based Message Authentication, Reporting and Conformance (DMARC) which utilizes long standing email authentication mechanisms of Sender Policy Framework (SPF) and Domainkeys Identified Mail (DKIM) to virtually eliminate unsolicited email. Currently ~80% of US consumer email receivers, and ~65% worldwide, respect a published DMARC policy, removing hundreds of millions of malicious emails daily from consumer mailboxes. Corporations are increasingly adopting this protocol and working with Agari and their third party vendors that send email on their behalf to implement it as well. Anyone who wants to take a proactive approach to eliminating all types of malicious email, including spear-phishing, should investigate and implement DMARC immediately.

Leave a Reply

Your email will not be published. All fields are required.

October 31, 2018 Fareed Bukhari

Business Email Compromise: 54% of Email Attacks Use Display Name Deception

September 26, 2018 Ravi Khatod

BEC: Future-Proofing Your Investment in Email Security

September 24, 2018 Armen Najarian

The CMO's Guide to Email Deliverability

September 20, 2018 AJ Shipley

With Losses from Email Attacks Rising Fast, is it Automate—or Else?

September 13, 2018 Srinivas Malladi

The Chance to Work on Advanced Email Fraud Prevention Tech? Priceless

mobile image