Fraudulent emails from bad actors are causing significant damage to the companies and brands they are impersonating.
For example, an email designed to mimic a bank overdraft alert may be sent to millions of recipients. If this mass-mailing tricks just a few customers into transferring funds to the fraudster’s account, the phishing campaign has been successful.
Or consider a fake email that appears to come from a well-known cloud storage provider, and which requests that customers navigate to a special website for a password reset. If they follow the directions, they are unwittingly giving their login credentials to criminals.
Whether or not the manipulation works, a backlash against the impersonated brand is almost inevitable. From the target’s perspective, their trusted vendor was unable to prevent criminal and malicious corporate communications.
Most harmed individuals don’t care how the act transpired. They blame the company, harbor negative feelings, and lower their trust in the corporate brand. In fact, customers are 42% less likely to engage with a brand after being phished.
Safeguarding the Brand
DMARC adoption at enforcement allows a company to specifically authorize only valid entities to send on its behalf. That in turn blocks everyone else—both malicious actors sending fake mail as well as legitimate cloud service providers — that have not been sanctioned to send email using the company’s domain.
By successfully implementing email authentication, companies can stop all same-domain attacks, thus safeguarding the company brand.