Using Return Path Data to Protect Your Brand: Security Breakout Session - LA
1 like305 views
The document discusses the rising trends of email fraud and its significant impact on brand security, highlighting that phishing attacks cost businesses $4.5 billion annually and lead to trust erosion among customers. It emphasizes the importance of employing data-driven strategies, such as DMARC, to combat email spoofing and protect brand integrity. Additionally, it offers tactical advice for organizations to educate customers, enhance email authentication, and raise awareness among executives about the risks associated with email fraud.
Using Return Path Data to Protect Your Brand: Security Breakout Session - LA
- 1. Using Return Path Data to Protect Your Brand Security Breakout Session Brian Westnedge, Sr. Director of Client Services
- 2. Agenda • Email fraud trends and impact • The power of data: email threat intelligence • The Return Path Data Cloud • Tactics used by cybercriminals today • Unite against email fraud: tips for defending your customers, brand, and bottom line • Questions
- 3. Email Fraud Trends & Impact
- 4. Email Delivers Business Value… Increases Customer Loyalty Boosts Revenue Reduces Operating Costs
- 5. …But Its Impact Is Being Eroded 5 out of 6 big companies are targeted with phishing attacks Phishing costs brands worldwide $4.5 billion each year RSA identifies a phishing attack every minute Email fraud has up to a 45% conversion rate Source: http://www.emc.com/emc-plus/rsa-thought-leadership/online-fraud/index.htm $4.5 B 1 MIN 5/6 45%
- 6. Phishing Leads To – Revenue Losses • Reduced trust in brand: • Subscribers don’t know what to trust • Reduced effectiveness of email • ISPs don’t know what to trust Customers are 42% less likely to interact with a brand after being phished or spoofed.
- 7. Phishing Leads To – Unwanted Media Attention
- 8. “If you boil the jobs down of IT security professionals, they are ultimately tasked with protecting the brand… If you have a breach, research suggests that 60% of your customers will think about moving and 30% actually do.” Bryan Littlefair Global Chief Information Security Officer Aviva
- 9. Phishing Leads To – Remediation Costs Fraud Losses Malware Infection Investigation Remediation
- 10. Can You Spot a Spoof?
- 11. Anatomy Of A Phishing Email to: You <you@yourdomain.com> from: Phishing Company <phishingcompany@spoof.com> subject: Unauthorized login attempt Dear Customer, We have recieved noticed that you have recently attempted to login to your account from an unauthorized device. As a saftey measure, please visit the link below to update your login details now: http://www.phishingemail.com/updatedetails.asp Once you have updated your details your account will be secure from further unauthorized login attempts. Thanks, The Phishing Team 1 attachment Making an email look legitimate by spoofing the company name in the “Display Name” field. Tricking email servers into delivering the email to the inbox by spoofing the “envelope from” address hidden in the technical header of the email. Including logos, company terms, and urgent language in the body of the email. Making an email appear to come from a brand by using a legitimate company domain, or a domain that looks like it in the “from” field. Creating convincing subject lines to drive recipients to open the message. Including links to malicious websites that prompt users to give up credentials Including attachments containing malicious content.
- 12. From: service@paypal.com <paypal@service.com> From: PayPal <paypal@e.paypal.co.uk>
- 13. The Power of the Right Data
- 14. Knowledge Is Your Best Defense • We know there is no silver bullet. • But defense starts with understanding. • Data is the key to that understanding.
- 15. Breadth, Depth, and Speed Contactually Molto ParibusGetAirHelp Message Finder UnsubscriberOrganizer
- 16. EMAIL THREAT DATA · Consumer inbox data · Email delivery data · Authentication results · Message level data · SPAM trap & complaints data EMAIL THREAT INTELLIGENCE · Domain-spoofing alerts · Brand-spoofing intelligence · Suspicious activity map · Fraudcaster URL feed · Sender Score: IP reputation
- 17. Email Fraud: Primary Attack Vectors Domain Spoofing (from domains owned by the brand) Brand Spoofing (from domains outside the brand’s control) phish@company.com company@phish.com
- 18. 30% of Attacks Spoof Domains You Own 30% Domain Spoofing • Active Emailing Domains • Non-Sending Domains • Defensively-Registered Domains 70% Brand Spoofing • Cousin Domains • Display Name Spoofing • Subject Line Spoofing • Email Account Spoofing Source: Return Path / APWG White Paper, 2014
- 19. Unite Against Email Fraud Tips for defending your customers, your brand, and your bottom line.
- 20. Leading Companies Fighting Email Fraud
- 21. DMARC (Domain-based Message Authentication Reporting & Conformance): • Technical specification created to help reduce the potential for email- based abuse (www.dmarc.org) • Prevents domain-based spoofing by blocking fraudulent activity appearing to come from domains under your control • Provides threat reporting mechanism (aggregate and forensic data) #1: Authenticate Your Email
- 22. “Simply put, the DMARC standard works. In a blended approach to fight email fraud, DMARC represents the cornerstone of technical controls that commercial senders can implement today to rebuild trust and retake the email channel for legitimate brands and consumers.” Edward Tucker Head of Cyber Security Her Majesty’s Revenue & Customs
- 23. • Addressing the 70% of email attacks that spoof your brand using domains your company does not own requires email threat intelligence. • Get visibility into all types of email threats targeting you today. #2: Leverage Email Threat Intelligence
- 24. • The reality is, some attacks are always going to get through. • The more prepared your customers are, the better. • Create an educational website • Include anti-fraud language within your legitimate email • In the event of an attack, warn your customers immediately #3: Educate Your Customers
- 25. • Engage with Brand Protection teams to make the business case. • Create a sense of urgency. • Communicate the risks that result from not taking action: • Email fraud destroys brand reputation and erodes customer loyalty • Email fraud thwarts email marketing effectiveness • Email fraud negatively impacts revenue #4: Raise Awareness with Top Executives
- 26. Learn More www.returnpath.com/StopEmailFraud Twitter: @StopEmailFraud New: Download the Email Threat Intelligence report at bit.ly/EmailThreatIntel