Yes, phishing DOES leave a DMARC trail !

Interesting report with great insight from two industry heavyweights focused on the protection of email domains against abuse, Anti Phishing Working Group (APWG) and dmarcian Inc detailed some surprising results.

The report combined APWG’s eCX databases holding approx 27 million reports and 8 million IPs with dmarcian’s HUGE database consisting of 2 billion reports and over 18 million unique IPs.

But a quick test – next time you read about a data breach – have a quick look to see if that organisation has a basic SPF or DMARC record. No need for a hacker to spend extensive effort to search for a zero day vulnerability when a basic phishing email can do the trick !! Hello Singapore Health !!

The report can be found here:

Phishing leaves a DMARC trail

Key insights include

  • Way too many organisations DO NOT have a SPF or DKIM record to protect their email domains
  • Phishing (this is essentially a fake email) can be STOPPED with the implementation of SPF and DKIM
  • DKIM spoofing is prevalent and requires regular cycling of the selector tag
  • Banking industry is the worst industry in the adoption of DMARC

This aligns with our own adhoc data that we see with many of our own customers.
The organisations most likely to be attacked by phishing aka fake emails include banks and other financial institutions. This is a well known fact, since the early days of phishing during the early 2000s.
It is still surprising that the banking and finance industries are still prominent targets and yet most haven’t added the basic protection of DMARC.

A quick analogy – I prefer to secure my car by closing the windows and locking the doors. Many organisations are happy to leave their car unlocked in plain sight and don’t care about who takes it for a quick drive !!

So in the digital world, do you know who is using your email domains and for what purpose ?

By Con Lokos