Place Image
© 2016 Experian Information Solutions, Inc. All rights reserved. Experian and the marks used
herein are service marks or registered trademarks of Experian Information Solutions, Inc. Other
product and company names mentioned herein are the trademarks of their respective owners.
No part of this copyrighted work may be reproduced, modified, or distributed in any form or
manner without the prior written permission of Experian. Experian Confidential.
Why Marketers Should Fight Email Fraud Tuesday, May 24
2 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.
Follow us on Twitter
@ExperianMkt | @returnpath | @stopemailfraud
Use our hashtag #MarketersUnite
Please type in your questions using the chat box
Yes! There will be a recording
Welcome!
3 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.
Spencer Kollas
VP, Global Deliverability
Experian Marketing
Services
David Gamber
Marketing Specialist
Experian Marketing
Services
Brian Westnedge
Senior Director
Email Fraud Protection
Return Path
Our Speakers Today
4 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.
Email Fraud Overview
Why Should Marketers Care?
Email Authentication 101
Marketers Unite! Best Practices for Fighting Email Fraud
Q&A
Agenda
© 2016 Experian Information Solutions, Inc. All rights reserved. Experian and the marks used herein are service marks or registered trademarks of Experian Information Solutions, Inc.
Other product and company names mentioned herein are the trademarks of their respective owners. No part of this copyrighted work may be reproduced, modified, or distributed in any
form or manner without the prior written permission of Experian. Experian Public.
Email Fraud Overview
6 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.
Email Delivers Business Value
Of customers made a
purchase following an
email marketing message
(DMA)
66% Of customers rate email
as the most preferred
method of communication
(Marketing Sherpa)
72% Of ROI comes from
targeted email campaigns.
(DMA)
77%
7 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.
Email Is Inherently Insecure
Source: Simple Mail Transfer Protocol (RFC 2821)
8 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.
That’s Why It’s the Weapon of Choice for Cybercriminals
Customers are 42% less
likely to interact with a
brand after being phished
or spoofed
(Cloudmark)
42% Email Fraud has up to a
45% conversion rate
(Google)
45% 97% of people globally
cannot identify a
sophisticated phishing
message
(Intel)
97%
9 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.
Email fraud is the intentional deception made for personal gain through email.
What Is Email Fraud, Exactly?
Spam
Malicious email sent in bulk.
Spoofing
The forgery of an email so that it appears to have come from someone other than the actual source.
Phishing
A type of spam that tricks users into giving up sensitive information.
10 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.
The Anatomy of a Phishing Email
to: You <[email protected]>
from: Phishing Company <[email protected]>
subject: Unauthorized login attempt
Dear Customer,
We have recieved noticed that you have recently
attempted to login to your account from an unauthorized
device.
As a saftey measure, please visit the link below to
update your login details now:
http://www.phishingemail.com/updatedetails.asp
Once you have updated your details your account will
be secure from further unauthorized login attempts.
Thanks,
The Phishing Team
1 attachment
Making an email
look legitimate by
spoofing the
company name in
the “Display Name”
field.
Tricking email
servers into
delivering the email
to the inbox by
spoofing the
“envelope from”
address hidden in
the technical header
of the email.
Including logos,
company terms,
and urgent
language in the
body of the email.
Making an email
appear to come
from a brand by
using a legitimate
company domain, or
a domain that looks
like it in the “from”
field.
Creating convincing
subject lines to drive
recipients to open
the message.
Including links to
malicious websites
that prompt users to
give up
credentials
Including
attachments
containing malicious
content.
11 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.
Many Phishing Emails Are Sophisticated
© 2016 Experian Information Solutions, Inc. All rights reserved. Experian and the marks used herein are service marks or registered trademarks of Experian Information Solutions, Inc.
Other product and company names mentioned herein are the trademarks of their respective owners. No part of this copyrighted work may be reproduced, modified, or distributed in any
form or manner without the prior written permission of Experian. Experian Public.
Why Should Marketers Care?
13 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.
Phishing Leads to Lost Revenues
Fraud Losses Malware Infection Investigation Remediation
14 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.
Phishing Leads to Unwanted Media Attention
15 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.
Phishing Leads to Unwanted Media Attention
16 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.
Phishing Leads to Unwanted Media Attention
17 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.
Phishing Leads to Unwanted Media Attention
18 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.
Phishing Leads to Unwanted Media Attention
19 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.
Phishing Leads to Unwanted Media Attention
20 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.
Phishing Leads to Drop in Email Performance
1 in 5 attacks
results in reduced
deliverability
1 in 3 attacks
results in reduced
engagement
21 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.
Google has started to flag emails that fail email authentication checks by replacing the sender’s avatar with a red question mark:
Mailbox Providers Are Removing the Guesswork
22 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.
“We’re rapidly moving toward a world where all email is
authenticated… If your domain doesn’t protect itself with
DMARC, you will be increasingly likely to see your
messages sent directly to a spam folder or even
rejected.”
—John Rae-Grant, Product Manager
23 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.
As owners of the email channel, marketers have a responsibility to help protect it. Some marketers are already leading the way…
The Marketer’s Responsibility
“Our commitment to delivering unparalleled customer service has
made Neiman Marcus one of the most recognized and trusted
luxury brands in the world. Email fraud undermines that trust,
harms consumers and our business, and it needs to stop. We are
taking proactive actions to combat potential future spoofing and
phishing attacks. Working with Return Path will help us to deliver
a safe customer experience for all of our valued email
subscribers.”
—Catherine Davis, VP of Marketing, Neiman Marcus
© 2016 Experian Information Solutions, Inc. All rights reserved. Experian and the marks used herein are service marks or registered trademarks of Experian Information Solutions, Inc.
Other product and company names mentioned herein are the trademarks of their respective owners. No part of this copyrighted work may be reproduced, modified, or distributed in any
form or manner without the prior written permission of Experian. Experian Public.
Email Authentication 101
25 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.
There are three key authentication protocols to know:
1. SPF (Sender Policy Framework)
2. DKIM (DomainKeys Identified Mail)
3. DMARC (Domain-based Message Authentication Reporting & Conformance)
Email Authentication Keeps Bad Email Out
26 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.
Prevents fraudsters from spoofing the sending domain contained within the “envelope from” (aka mfrom or return path) address.
Makes your domain is less attractive to phishers.
SPF (Sender Policy Framework)
27 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.
Can ensure that the message has not been modified or tampered with in transit.
Can help inform how mailbox providers limit spam and spoofing.
Not a universally reliable way of authenticating the identity of a sender.
DKIM (DomainKeys Identified Mail)
28 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.
Makes the “header from” address (what users see in their email clients) trustworthy.
Helps protect customers and the brand.
Discourages cybercriminals are less likely to go after a brand with a DMARC record.
DMARC (Domain-based Message Authentication Reporting & Conformance)
29 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.
The Benefits of DMARC
Protects Brand
Reputation
Grants Insight
into Threats
Increases Email
Performance
Reduces Customer
Service Cost
Reduces
Phishing Costs
© 2016 Experian Information Solutions, Inc. All rights reserved. Experian and the marks used herein are service marks or registered trademarks of Experian Information Solutions, Inc.
Other product and company names mentioned herein are the trademarks of their respective owners. No part of this copyrighted work may be reproduced, modified, or distributed in any
form or manner without the prior written permission of Experian. Experian Public.
Best Practices for Fighting Email Fraud
31 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.
Communicate the risks that result from not taking action:
1. Email fraud destroys brand reputation and erodes brand trust
2. Email fraud thwarts email marketing effectiveness
3. Email fraud hurts revenue
Raise Awareness with Top Executives
32 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.
Some bad email will always reach the inbox. Educating customers is a great way to mitigate the impact of those fraudulent messages.
Educate Your Customers
33 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.
Collaborate with your security and messaging teams to:
Identify sending domains and get visibility into your email ecosystem.
Identify roles and responsibilities.
Educate your team about key authentication policies and protocols.
Collaborate with Security and Messaging Teams
34 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.
Invest in Email Fraud Protection
Defend Your Customers, Brand, and Bottom Line
Detect & block fraudulent
emails spoofing your
brand before they hit
consumer inboxes
Bolster malicious URL
takedown efforts with
real-time email threat
detection
Reduce spend on fraud
reimbursements, phishing
remediation, and customer
service costs
35 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.
Return Path Blocks Emails Spoofing Your Domains and Your Brand
© 2016 Experian Information Solutions, Inc. All rights reserved. Experian and the marks used herein are service marks or registered trademarks of Experian Information Solutions, Inc.
Other product and company names mentioned herein are the trademarks of their respective owners. No part of this copyrighted work may be reproduced, modified, or distributed in any
form or manner without the prior written permission of Experian. Experian Public.
Conclusion
37 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.
Don’t depend on people as the first line of defense.
Understand who is sending emails “from you”.
Ensure that only trusted parties send email “from you”.
Rebuild trust in email and push the criminals to the margins.
Time to Secure the Email Channel!
1
2
3
4
38 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.
Learn More
“Plain English” blog post series
blog.returnpath.com
“The Marketers Guide to Email Fraud”
rtpth.co/MarketersGuide
39 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.
For a free, 30-day trial of Return Path’s Email Fraud Protection solution, contact the EMS Client Success Team.
Free 30-day Trial!
© 2016 Experian Information Solutions, Inc. All rights reserved. Experian and the marks used herein are service marks or registered trademarks of Experian Information Solutions, Inc.
Other product and company names mentioned herein are the trademarks of their respective owners. No part of this copyrighted work may be reproduced, modified, or distributed in any
form or manner without the prior written permission of Experian. Experian Public.
Questions?
© 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.
Thank You!