At least 3.4 billion fake emails are sent around the world every day — with most industries remaining vulnerable to spear-phishing and “spoofing” cyberattacks simply because they’re not implementing industry-standard authentication protocols, according to a Valimail report. The research report also found that the vast majority of suspicious emails emanate from U.S.-based sources.
It’s not all bad news, however. Ongoing research also indicates that many industries are making progress in the fight against impersonation, some more quickly than others.
To compile this global view of the email fraud landscape, Valimail used proprietary data from an internal analysis of billions of email authentication requests and nearly 20 million publicly accessible records. The Spring 2019 Email Fraud Landscape report confirms that email impersonation — accounting for 1.2% of all email sent in the first quarter of 2019 — is a phisher’s primary weapon to gain access into an organization’s network, systems, intellectual property and other sensitive assets.
The fake email problem — which is not easily blocked by traditional cybersecurity defenses — can be ameliorated by implementing widely accepted email authentication standards. These include Domain-based Message Authentication, Reporting, and Conformance (DMARC), Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) as well as newer standards such as Authenticated Received Chain (ARC) and Brand Indicators for Message Identification (BIMI).
DMARC in particular has proven to be especially effective in preventing fake emails from reaching inboxes. The study shows that nearly 80% of all inboxes (5.34 billion) around the world perform DMARC checks on inbound email, and nearly 740,000 domains now use DMARC.
However, enforcement rates with DMARC continue to hover around 20% in most industries, largely because the solution is difficult to configure and maintain for large enterprises. For that reason, many domain owners have turned to third-party DMARC vendors to implement the solution for them.
“It remains clear that fake emails from hackers, phishers and other cyber criminals constitute the major source of cyberattacks,” said Alexander García-Tobar, CEO at Valimail.
“As more companies recognize and respond to email vulnerabilities, we expect to see organizations continue to deploy authentication technologies to protect against untrusted and fraudulent senders. The fact is that too many attackers are using impersonation to get through existing email defenses. A robust approach to sender identification and authentication is needed to make email more trustworthy, once and for all.“