The proliferation of email cyber security attacks has had a sizable impact on corporate brands. Fraudulent emails from bad actors are causing significant damage to the companies and brands they are impersonating. Though the vast majority of these fraudulent messages don’t originate from the spoofed organization’s servers, they get blamed for the attack.
For example, an email designed to mimic a bank overdraft alert may be sent to millions of recipients. If this mass-mailing tricks just a few customers into transferring funds to the fraudster’s account, the phishing campaign has been successful. Or a fake email that appears to come from a well-known cloud storage provider may request that customers navigate to a special website for a password reset; if they follow the directions, they are unwittingly giving their login credentials to criminals.
Whether or not the manipulation works, a backlash against the impersonated brand is almost inevitable. From the target’s perspective, their trusted vendor was unable to prevent criminal and malicious corporate communications. Other recipients will simply stop trusting all messages that appear to come from a brand, once it has been impersonated.
In fact, most harmed individuals don’t care how the act transpired. They blame the company, harbor negative feelings, and lower their trust in the corporate brand.
Safeguarding the Brand
But it doesn’t have to be this way. Instead, adopting email authentication standards can help a company stop all unauthorized email sent in their name and shut down impostors trying to imitate legitimate corporate communications.
Without email authentication, creating a fraudulent message can be as simple as typing “firstname.lastname@example.org” into the ‘From:’ field. However, DMARC adoption at enforcement allows a company to specifically authorize only valid entities to send on its behalf, and blocks everyone else—both malicious actors sending fake mail as well as legitimate cloud service providers that have not been sanctioned to do so.
By successfully implementing email authentication, companies can stop all same domain attacks, thus safeguarding the company brand. This gives CEOs and CMOs a significant new weapon to stop fake email communications from giving the company a bad name.