Phishing attacks are on an upswing. More than 91 percent of data breaches begin with phishing acts. Many corporate and government data have been compromised only due to a minor case of phishing. Nevertheless, the concerned authorities still omit the cyber-security measures they ought to take. According to a report by Agari, only 39 out of 500 U.S. Fortune companies have opted for DMARC email security.
A domain-based message, authentication, reporting and conformance (DMARC) is an authentication protocol. It rejects email messages that belong to an unauthorized or unrecognized source. Spoofed email addresses are used by phishing attackers to make their trace seem genuine to you.
DMARC was invented in 2007 as a new standard for cyber-security. It was formed as a partnership between Yahoo and PayPal.
Top firms in Australia, U.S. and U.K. have failed to incorporate the DMARC feature in their systems. This has led to innumerous cyber breaches and hacks in their services. Domain name spoofing, therefore has a high chance over the information of brand names, customers, partner of these organizations.
The 39 U.S. companies which have this DMARC protection make up only 8 percent of the total. Another 124 firms which rely upon this attribute do not prevent the domain name spoofing. This makes up about 24 percent. The remaining 337 companies have no defense system at all.
“It is unconscionable that only 8 percent of the Fortune 500, and even fewer government organizations, are protecting the public against domain name spoofing,” Patrick Peterson, executive chairman of Agari research spoke up.
The numbers in U.K. and Australia are equally bad. Only 1 company listed in the U.K. stock market index exhibits a full DMARC quarantine spam folder tool. And around 6 percent show up a DMARC reject service. While two-thirds of the major companies do not have any DMARC policy. In Australia, 73 percent firms contained in the Australian Stock Exchange 100 do not have the DMARC feature enabled.
The director of operations of Global Cyber Alliance, Shehzad Mirza made note that the described authentication standard can ward off the phishing crimes. “DMARC is an essential tool that helps prevent spam, phishing and data loss. GCA urges organizations of all sizes to embrace this technology standard to eliminate direct domain spoofing.”