Brand Impersonation Phishing Attacks Grow While Organizations Fail to Protect Their Brand Using DMARC

iStock-1183143306New data from Security vendor Agari shows how identity deception techniques are being used to fool recipient victims as organizations lack the needed safeguards to ensure emails are genuine.

As attacks evolve, methods change, and new targets are identified, organizations need to equally alter their security strategies to align in order to achieve the highest levels of cybersecurity possible.

But according to insight from Agari’s Q1 2020 Email Fraud & Identity Deception Trends Report, it appears that organizations are either not paying attention or are simply not adjusting security tactics to meet the threat. Agari reports that 68% of phishing attacks impersonate brands or individuals as a means to gain trust and motivate victims to act as desired by the attacker. According to the report:

  • 36 percent use brand display name deception (e.g., using the name “Microsoft Support” but with a completely unrelated email address)
  • 32 percent use individual display name deception (e.g., using the name “Bill Gates” in the display name and an unrelated email address)
  • 20 percent use look-alike domains (e.g.,
  • 12 percent use an actual compromised account

So, how are organizations – especially those brands that are a household name – addressing the problem? As part of a layered security strategy – particularly one that works to mitigate the threat of impersonation phishing attacks – should be using DMARC as a means to confirm a senders identity.

According to the report, only 15 percent of Fortune 500 companies have a DMARC record configured to reject emails that are illegitimate senders that would help prevent cybercriminals from impersonating their brands in phishing attacks.

The other half of the equation is the user. According to Agari, 60 percent of employee-reported phishing incidents are false positives. On the plus side, it’s good that employees are erring on the side of caution. But this also directly indicates that users are not being educated on how to properly identify a phishing email in the first place – which puts into question whether they would fall victim to an actual phishing scam.

Organizations need to put DMARC in place to help keep impersonated emails from reaching the user’s Inbox, and Security Awareness Training to properly instruct users on what to look for when finding an email suspicious and how to avoid falling prey to an attack.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews