The broad scope of counterfeit campaigns and unclear boundaries of abuse make it challenging to successfully mitigate online threats targeting retail brands. There is a fine line between infringement and fair use of publicly made materials, as well as immeasurable online environments where counterfeit campaigns may live and grow.
It’s not news that cybercrime is a constant battle—large enterprises and small businesses everywhere are susceptible to a myriad of advanced email threats and socially engineered attacks, such as executive or brand impersonation. According to IC3’s Internet Crime Report, over $44 million in losses in 2021 were a direct result of malicious phishing and advanced email scams.
Social media threats targeting enterprises more than doubled last year. Attacks on the retail industry specifically have grown, as threat actors are targeting victims with impersonation and counterfeit ad campaigns.
With competition soaring and email-based brand impersonation scams skyrocketing 11x since 2014, your most important digital marketing channel could be in serious danger—along with the revenue it generates. But an email standard called Brand Indicators for Message Identification (BIMI) offers a way to fight back.
This post originally appeared on the Armadillo Blog and has been lightly edited for clarity.
Most organisations have been successful in blocking malicious emails targeted at their employees, at least to some extent. Various on-premise and cloud providers exist to take care of anti-spam, anti-virus, reputation scores, and advanced features such as sandboxing of executables.
Recent research by the Agari Cyber Intelligence Division finds that the retail industry is dead last among major sectors in adopting and enforcing DMARC email authentication. This leaves their email channel vulnerable to brand impersonation attacks.
Adoption of Domain-based Message Authentication, Reporting, and Conformance (DMARC) has seen modest growth in recent months, with 6.1 million domains now possessing valid DMARC records, according to our new Q1 2019 Email Fraud & Identity Deception Trends Report.
That's up from 5.3 million in October—a 15% increase in the number of domains protected against email-based "brandjacking" scams that target consumers and businesses by impersonating trusted brands.
Memo to hospitals and healthcare providers: A growing number of phishing scams are targeting consumers—including your customers and patients—through email messages that appear to come from your brand. As these attacks continue to rise in coming months, they could cost consumers—and your brand—plenty.
Because email remains the most ubiquitous form of business communication, it continues to be a favorite attack vector for cybercriminals. Email has always been vulnerable because it was not originally designed with security or privacy in mind. As a result, email security vendors emerged to protect this critical communication channel. In the early days, many vendors used signature or reputation-based detection technologies, which later evolved into sandboxing and dynamic analysis and, for a time, were very effective.
Editor's Note: This article is Part 2 in a three-part series based on findings from the Q4 2018 Email Fraud & Identity Deception Trends report. Click here to read Part 1.