Who is Using Your Domain for Phishing & Spam?
Daniel Ingevaldson, CTO
73% of data breaches begin with fraudulent email. The scenarios below are common methods used to breach consumers’ devices or employees’ “bring your own devices.”
Brand Erosion
Untrusted Emails
Fraud Expenses
User Credential Compromise
• URL to website to capture login credentials
• Compromised username & password often reused across websites
• Email often spoofs YourCompany.com, YourCompamy.com, or other trusted domain
Malware Installation
Most Breaches Begin with an Email
Below is a free service to create a phishing email with a fraudulent FROM address.
https://emkei.cz/
Anyone Can Spoof
1. Fraud email is sent to customers & business partners.
2. It is difficult to identify fraudulent email.
- 100 billion spam messages globally per day
- 2.1 million phishing messages per day
- 73% of data breaches begin with a fraudulent email
- Phishing emails can have a 70% open rate
- 50% of users who open a phishing email will open the URL or attachment
The Two Email Problems
Increase proactive identification and removal of threats to decrease fraud loss.
Increase Proactive Activity to Decrease Fraud Losses
Reduce Attacker Incentives
• Take down planned attacks before they occur
• Be the industry’s most difficult target
Increase Proactivity
• Identify attacker’s infrastructure
• Understand attacker’s intent
• Take down attacker’s capability
Easy Solutions’ strategy maximizes proactive threat removal to save customers millions in fraud loss.
How Loss Occurs
Email has also become an untrusted channel. Thanks to spam and phishing scams, users are taught to be wary of incoming messages.
[Chart: 2015 Proportion of Spam in Email² (spam percentage not recoverable from the extracted text)]
97% of people globally are unable to correctly identify phishing emails³
What Does DMARC Do?
Allows email receivers to determine if an email is authentic and what to do if it isn’t
• Collect reporting from email receivers
• Measure global email authentication rates
• Quantify email channel health
Getting started with DMARC is easy. Any email sender and receiver can use the DMARC rails provided by the global community.
Can be deployed in Monitor, Quarantine or Reject mode.
DMARC
DMARC supports three “modes” – Monitor only, Quarantine and Reject
DMARC Policy / Spoofing Results:
• p=None – Doesn’t stop the attack
• p=Quarantine – Decrease in attack success
• p=Reject – Stops attacks
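How a receiving server turns the published policy into the dispositions in the table above, as an added example that is not part of the original deck and not Easy Solutions code: it parses a DMARC TXT record, checks SPF/DKIM identifier alignment, and picks p= or sp=. The record, the domains and the authentication results are constructed sample values, and the organizational-domain rule is a simplification of the real Public Suffix List lookup.

```python
"""Decide how a receiver disposes of a message under a sender's DMARC record.

Added illustration, not Easy Solutions code. The record, domains and
authentication results below are constructed sample values."""

def org_domain(domain):
    # Simplified organizational-domain rule (last two labels); a real
    # receiver consults the Public Suffix List instead (assumption here).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def parse_dmarc(txt):
    """Turn 'v=DMARC1; p=reject; adkim=s' into a tag dict with RFC defaults."""
    tags = {"adkim": "r", "aspf": "r"}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    tags.setdefault("sp", tags["p"])  # subdomain policy defaults to p=
    return tags

def aligned(auth_domain, from_domain, mode):
    """Relaxed ('r'): same organizational domain; strict ('s'): exact match
    with the RFC5322.From domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def evaluate(record, from_domain, spf_pass, spf_domain, dkim_pass, dkim_domain):
    """Return (dmarc_pass, disposition) for one message.

    spf_domain is the MAIL FROM domain SPF authenticated; dkim_domain is the
    d= of a verified DKIM signature. DMARC passes when either identifier
    authenticated *and* aligns with From:; otherwise p= (organizational
    domain) or sp= (its subdomains) decides. Record assumed at _dmarc.<org>."""
    tags = parse_dmarc(record)
    spf_ok = spf_pass and aligned(spf_domain, from_domain, tags["aspf"])
    dkim_ok = dkim_pass and aligned(dkim_domain, from_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return True, "none"
    is_org = from_domain.lower() == org_domain(from_domain)
    return False, tags["p"] if is_org else tags["sp"]

# Constructed sample record for yourcompany.com (p=none would only monitor).
RECORD = "v=DMARC1; p=reject; sp=quarantine; adkim=r; aspf=s; rua=mailto:dmarc@yourcompany.com"

if __name__ == "__main__":
    # Spoofed From: header relayed through an unrelated SPF-passing domain.
    print(evaluate(RECORD, "yourcompany.com", True, "mailer.example.net", False, ""))
```

A lookalike such as YourCompamy.com is the attacker’s own registered domain, so this record never applies to it; that is the “Fraudulent Domains” slice the deck places outside DMARC. The pct= sampling tag and a receiver’s local policy overrides are not modelled here.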
[Chart: Domain Email Fraud with DMARC – spoofed emails vs. successful emails, # emails over time]
Fraud Lifecycle with DMARC
It is impossible for spoofed email to be delivered to DMARC-protected email servers
“DMARC protects more than 85% of the people who receive and send email from Facebook.”
Michael Adkins, Facebook
“Implementing DMARC stopped nearly 25 million attempted attacks on our customers during the 2013 holiday season alone.”
Trent Adams, PayPal / eBay, Chair of DMARC.org
Does it work?
Organizations Using DMARC
…And thousands more
The DMARC Standard
DMARC Compass® is a key component of a comprehensive online Brand Protection strategy.
What is Needed for Complete Visibility?
Putting DMARC into Context
[Chart: % of Incidents from DMARC? DMARC accounts for <20%; remaining categories: Hacked Sites, Social Media, Fraudulent Domains, Malware/Mobile Apps, Non-spoofed Phish, Active Monitoring]
DMARC on its own is not a complete fraud strategy – but anything that provides some visibility is a win. Make sure you have other layers in place to protect against these other threats.
DMARC Compass™
Detect Monitoring Service™
Threat Reduction
Attack Deactivation
DMARC Within a Brand Protection Framework
*2014, Top 40 US Bank
Why Easy Solutions?
Sources:
1. http://www.radicati.com/wp/wp-content/uploads/2015/02/Email-Statistics-Report-2015-2019-Executive-Summary.pdf
2. https://securelist.com/analysis/quarterly-spam-reports/69932/spam-and-phishing-in-the-first-quarter-of-2015/
3. http://www.information-age.com/technology/security/123459514/think-you-can-spot-scam-97-people-wouldnt-know-phishing-email-if-it-hooked-them
4. http://www.cmo.com/articles/2015/1/6/15_stats_marketing_ROI.html