Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Brand Impersonation Phishing Attacks Grow While Organizations Fail to Protect Their Brand Using DMARC

    iStock-1183143306New data from Security vendor Agari shows how identity deception techniques are being used to fool recipient victims as organizations lack the needed safeguards to ensure emails are genuine.

    As attacks evolve, methods change, and new targets are identified, organizations need to equally alter their security strategies to align in order to achieve the highest levels of cybersecurity possible.

    But according to insight from Agari’s Q1 2020 Email Fraud & Identity Deception Trends Report, it appears that organizations are either not paying attention or are simply not adjusting security tactics to meet the threat. Agari reports that 68% of phishing attacks impersonate brands or individuals as a means to gain trust and motivate victims to act as desired by the attacker. According to the report:

    • 36 percent use brand display name deception (e.g., using the name “Microsoft Support” but with a completely unrelated email address)
    • 32 percent use individual display name deception (e.g., using the name “Bill Gates” in the display name and an unrelated email address)
    • 20 percent use look-alike domains (e.g., microsooft.com)
    • 12 percent use an actual compromised account

    So, how are organizations – especially those brands that are a household name – addressing the problem? As part of a layered security strategy – particularly one that works to mitigate the threat of impersonation phishing attacks – should be using DMARC as a means to confirm a senders identity.

    According to the report, only 15 percent of Fortune 500 companies have a DMARC record configured to reject emails that are illegitimate senders that would help prevent cybercriminals from impersonating their brands in phishing attacks.

    The other half of the equation is the user. According to Agari, 60 percent of employee-reported phishing incidents are false positives. On the plus side, it’s good that employees are erring on the side of caution. But this also directly indicates that users are not being educated on how to properly identify a phishing email in the first place – which puts into question whether they would fall victim to an actual phishing scam.

    Organizations need to put DMARC in place to help keep impersonated emails from reaching the user’s Inbox, and Security Awareness Training to properly instruct users on what to look for when finding an email suspicious and how to avoid falling prey to an attack.

     

    Return To KnowBe4 Security Blog

    Free Phishing Security Test

    Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

    PST ResultsHere's how it works:

    • Immediately start your test for up to 100 users (no need to talk to anyone)
    • Select from 20+ languages and customize the phishing test template based on your environment
    • Choose the landing page your users see after they click
    • Show users which red flags they missed, or a 404 page
    • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
    • See how your organization compares to others in your industry

    Go Phishing Now!

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/phishing-security-test-offer

    Topics: Phishing, Security Awareness Training, Cybercrime

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews