In the world of IT security, the question is not whether a brand will be targeted; the question is when. The reality is that, somewhere in the world, cyber criminals are preparing to launch the next wave of “phishing” attacks. A group of cyber criminals recently mimicked the brand of a globally recognized bank by sending fraudulent emails attempting to steal sensitive customer data.
When evidence of these attacks rolled in, the bank’s support center staff were inundated with calls from customers inquiring about their account being suspended. That’s when the damages started to hit home. A salvage operation of this magnitude could end up costing the bank millions, permanently eroding customer trust. Once they dug deeper, the bank estimated that around a million phishing emails per year were being sent from cyber criminals abusing their brand.
That’s when Agari was brought in to prevent further phishing attacks by securing the bank’s email channel. First, they implemented an authentication capability for all email sent to customers, notifying ISPs that only authenticated email originating from the bank’s domain would be allowed. All other fraudulent, illegitimate email would be blocked from being delivered to customer inboxes.
Agari instructed the bank to identify each legitimate sender and establish standard practices and processes for its third-party governance. Any third party, that was going to send email, needed to properly authenticate or have a designated subdomain. Finally, they established a program to communicate the new policy to all marketing professionals involved with generating, designing and implementing email campaigns.
After partnering with Agari to eliminate their email as a channel vulnerable to cyber attacks, the bank also gained much needed transparency into what was occurring within their email ecosystem. Their customers had been getting around a billion emails per year, purporting to come from the bank’s domain. Of those, 194 million were malicious, phishing emails that were very damaging to their brand.
Over the next few months, they were able to successfully block 95% of fraudulent email targeting their customers. Regardless of company size or business sector, securing customer communication, particularly through the email channel, is critical to protecting customer data and safeguarding brand trust.