According to security firm Proofpoint, email fraud attacks in the fourth quarter of 2017 were pervasive, with 88.8 percent of organizations targeted by at least one attack.
Proofpoint detailed the findings in its Email Fraud Threat Report, which it released on Feb. 12. As part of the report, Proofpoint analyzed more than 160 billion emails, delivered to 2,400 companies around the world.
On average, Proofpoint found that organizations were more impacted by email fraud attacks in 2017 than in 2016. In the fourth quarter of 2016, Proofpoint reported that 75 percent of organizations were impacted by email fraud; that figure grew to the 88.8 percent figure for the fourth quarter of 2017. More email identities were spoofed in the fourth quarter of 2017 as well, with 47 percent of organizations having more than five spoofed email identities. A spoofed email identity is one in which a fraudster spoofs what is a legitimate email address or user identity within an organization in an attempt to trick others.
“The vast majority of information about spoofed identities comes from social media and internet searches and is easily discoverable,” Robert Holmes, vice president of Email Security Products at Proofpoint, told eWEEK. “While we haven’t done a systematic analysis of this, we did analyze the identities spoofed for a few companies and found that 78 percent of them were on LinkedIn.”
Holmes said Proofpoint also saw that the majority of the spoofed identities had finance or accounting related job titles. He added that there are also databases of employees that are inexpensively available on the dark web.
“But, fraudsters don’t stop there,” Holmes said. “They also research the business partners and vendors of their targeted organizations.”
DMARC
Email is easily spoofed and used by attackers for fraud when organizations don’t properly protect their domain name and email servers. One of the best ways to help protect the integrity of email domains is with the Domain-Based Message Authentication (DMARC) policy and report protocol.
The U.S. government has mandated that its agencies move toward supporting DMARC. According to Proofpoint’s analysis, 52 percent of U.S. government agencies now have DMARC support for their email domains.
“Fifty-two percent represents progress, but it should have been 100 percent,” Holmes said. “In our view, the holdup was due to competing priorities and compliance violation.”
Proofpoint has seen that many agencies are attempting to implement DMARC by themselves, which can present challenges if they lack the required expertise, Holmes said. Although DMARC can help protect against email fraud attacks by verifying that an email came from a given domain, it is not a complete solution for all forms of email attacks.
“DMARC alone should not be thought of as the silver bullet to stop email fraud as there are various techniques used by attackers in addition to domain spoofing, including lookalike domain spoofing,” he said.
With a lookalike domain, attackers use a misspelled name or some other form of typo in an attempt to trick users. Proofpoint recommends a multilayered approach to solving the full email fraud challenge. The approach includes DMARC authentication, dynamic email analysis to block display name spoofing at the gateway, and lookalike domain discovery to search for domains that have recently been registered by third parties.
Looking forward, Holmes is not particularly optimistic about future trends for email fraud improving.
“We don’t see any end in sight for the growth of email fraud given the low barrier to entry and the potentially high gains, which could be millions of dollars for a single successful campaign,” he said. “The data from January alone suggests that email fraud will continue to grow considerably in 2018.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.