Don’t Let “Trick or Treat” become “Trick or Threat”
When you think of pretending to be someone else, what comes to mind? Dressing up as your favorite character and taking your kids trick or treating? Perhaps you like to wear a spooky mask and visit a haunted mansion. Or maybe you like handing out candy and scaring the neighborhood children with your witchy voice and pointy hat.
It’s all good fun, right? But there are plenty of others out there who also like pretending to be someone else.
They pretend to be you.
Every day people are fooled into thinking an email comes from a trusted source. They see an important message from a trusted retailer, or perhaps from their CEO. The emails seem legitimate—the name on the From line is one they recognize. Who questions it when the Chief Financial Officer purportedly asks for personal information to update corporate records? And who doesn’t jump at the chance to Get 75% off during our flash sale! when the email seems to come from our favorite retailer?
How can you protect yourself from someone who hijacks your domain to do a lot more than trick or treat? It starts with finding out who exactly is sending emails as you. Visibility is an important first step, and many organizations are shocked to find out just how frequently their domains are used for unsavory purposes.
It’s said that when we know better, we do better. But simply knowing is insufficient. It’s great to know what’s happening, but it’s so much better to do something about it.
Don’t let trick or treat become “trick or threat.”
DMARC—or Domain-based Message Authentication, Reporting, and Conformance—is the gold standard for authenticating email. All organizations, regardless of size, can take advantage of the robust standard to guarantee that only approved entities will send emails on your behalf. Yet DMARC adoption is spotty, with some industries more apt to deploy the safeguards. And among those who begin the process, a shocking 85% do not follow through to enforcement, or complete protection.
It’s kind of like watching one of the gazillion Halloween movies. You know Michael Myers is out there, but just screaming at the movie screen won’t stop the carnage. Or maybe this Halloween you’ll pretend to be GI Joe and think, “Knowing is half the battle.”
Nope. Knowing is a great first step. But getting to enforcement is what you need to guarantee that anyone sending as you actually is you.
Halloween is a great time to pretend to be someone else. But it’s an even better time to truly be the security superhero who saves the day. If you’re ready to learn more about DMARC and how it can protect your domains from trick or threat, read more at [link]. Don’t just put DMARC on your security to-do list: Get the information you need to deploy and reach enforcement quickly and effectively.
No costume needed.