Who is Using Your Domain for Phishing & Spam - TAG … is Using Your Domain for Phishing & Spam? ......

Who is Using Your Domain for Phishing & Spam? Daniel Ingevaldson CTO

Page 1:

Who is Using Your Domain for Phishing & Spam?

Daniel Ingevaldson CTO

Page 2:

Most Breaches Begin with an Email

73% of data breaches begin with fraudulent email. The below scenarios are common methods to breach consumers’ devices or employees’ “bring your own devices.”

Brand Erosion

Untrusted Emails

Fraud Expenses

User Credential Compromise

•  URL to website to capture login credentials

•  Compromised username & password often reused across websites

•  Email often spoofs YourCompany.com, YourCompamy.com, or other trusted domain

Malware Installation

Page 3:

Anyone Can Spoof

Below is a free service to create a phishing email with a fraudulent FROM address.

https://emkei.cz/

Page 4:

The Two Email Problems

…Fraud email is sent to customers & business partners. 1

It is difficult to identify fraudulent email. 2

-  100 billion spam messages globally per day
-  2.1 million phishing messages per day
-  73% of data breaches begin with a fraudulent email

-  Phishing emails can have a 70% open rate
-  50% of users who open a phishing email will open the URL or attachment

Page 5:

How Loss Occurs

Increase proactive identification and removal of threats to decrease fraud loss.

Increase Proactive Activity to Decrease Fraud Losses

Reduce Attacker Incentives
•  Take down planned attacks before they occur
•  Be the industry’s most difficult target

Increase Proactivity
•  Identify attacker’s infrastructure
•  Understand attacker’s intent
•  Take down attacker’s capability

Easy Solutions’ strategy maximizes proactive threat removal to save customers millions in fraud loss.

Page 6:

Email has also become an untrusted channel. Thanks to spam and phishing scams, users are taught to be wary of incoming messages.

[Chart: 2015 Proportion of Spam in Email²]

97% of people globally are unable to correctly identify phishing emails³

Page 7:

What Does DMARC Do?

Allows email receivers to determine if an email is authentic and what to do if it isn’t

Page 8:

Collect reporting from email receivers
Measure global email authentication rates
Quantify email channel health

Page 9:

Getting started with DMARC is easy. Any email sender and receiver can use the DMARC rails provided by the global community.

Page 10:

Can be deployed in Monitor, Quarantine or Reject mode.

DMARC

Page 11:

Fraud Lifecycle with DMARC

DMARC supports three “modes” – Monitor only, Quarantine and Reject

DMARC Policy      Spoofing Results
p=None            Doesn’t stop the attack
p=Quarantine      Decrease in attack success
p=Reject          Stops attacks

[Chart: Domain Email Fraud with DMARC. Series: Spoofed Emails, Successful Emails. Axes: # Emails over Time.]
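
An added example, not part of the original slides: a small parser that reads a DMARC TXT record and reports which of the three modes above a domain is in, plus gaps that weaken the stated policy. The sample records and the example.com addresses are constructed; tag handling follows RFC 7489 (v first, p required, pct defaulting to 100, sp defaulting to p).

```python
# Outcome wording taken from the slide's policy table.
OUTCOME = {
    "none": "Monitor only: doesn't stop the attack",
    "quarantine": "Quarantine: decrease in attack success",
    "reject": "Reject: stops attacks",
}


def parse_dmarc(record: str) -> dict:
    """Split 'tag=value; tag=value' pairs; the v tag must come first (RFC 7489)."""
    pairs = []
    for part in (p for p in record.split(";") if p.strip()):  # tolerate trailing ';'
        tag, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part.strip()!r}")
        pairs.append((tag.strip().lower(), value.strip()))
    if not pairs or pairs[0] != ("v", "DMARC1"):
        raise ValueError("not a DMARC record: v=DMARC1 must be the first tag")
    return dict(pairs)


def assess(record: str) -> dict:
    """Return the requested mode plus gaps that weaken it in practice."""
    tags = parse_dmarc(record)
    policy = tags.get("p", "").lower()
    if policy not in OUTCOME:
        raise ValueError(f"missing or invalid p= tag: {policy!r}")
    pct = int(tags.get("pct", "100"))     # share of failing mail the policy covers
    sub = tags.get("sp", policy).lower()  # subdomain policy inherits p by default
    notes = []
    if pct < 100 and policy != "none":
        notes.append(f"policy applies to only {pct}% of failing mail")
    if sub != policy:
        notes.append(f"subdomains use sp={sub}")
    if "rua" not in tags:
        notes.append("no rua= address, so no aggregate reports are collected")
    return {"mode": policy, "outcome": OUTCOME[policy], "notes": notes}


# Constructed sample records for a placeholder domain.
SAMPLES = [
    "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@example.com",
    "v=DMARC1; p=reject; sp=none;",
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec, "->", assess(rec))
```

The third sample shows why the p= value alone is not the whole picture: the organizational domain is in Reject mode, but its subdomains are still monitor-only and no reports come back.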

Page 12:

It is impossible for spoofed email to be delivered to DMARC-protected email servers

Page 13:

Does it work?

“DMARC protects more than 85% of the people who receive and send email from Facebook.”

Michael Adkins, Facebook

“Implementing DMARC stopped nearly 25 million attempted attacks on our customers during the 2013 holiday season alone.”

Trent Adams, PayPal / eBay, Chair of DMARC.org

Page 14:

Organizations Using DMARC

…And thousands more

Page 15:

The DMARC Standard

Page 16:

DMARC Compass® is a key component of a comprehensive online Brand Protection strategy.

Page 17:

What is Needed for Complete Visibility?

Putting DMARC into Context

% of Incidents from DMARC? <20%

[Diagram labels: Hacked Sites, Social Media, Fraudulent Domains, DMARC, Malware/Mobile Apps, Non-spoofed Phish, Active Monitoring]

DMARC on its own is not a complete fraud strategy – but anything that provides some visibility is a win. Make sure you have other layers in place to protect against these other threats.

Page 18:

DMARC Within a Brand Protection Framework

DMARC Compass™

Detect Monitoring Service™

Threat Reduction

Attack Deactivation

Page 19:

Why Easy Solutions?

*2014, Top 40 US Bank

Page 20:

Learn more: DMARC Compass Contact us: [email protected]

Questions?

Page 21:

Sources:

1.  http://www.radicati.com/wp/wp-content/uploads/2015/02/Email-Statistics-Report-2015-2019-Executive-Summary.pdf

2.  https://securelist.com/analysis/quarterly-spam-reports/69932/spam-and-phishing-in-the-first-quarter-of-2015/

3.  http://www.information-age.com/technology/security/123459514/think-you-can-spot-scam-97-people-wouldnt-know-phishing-email-if-it-hooked-them

4.  http://www.cmo.com/articles/2015/1/6/15_stats_marketing_ROI.html