Return Path Helps Top Swedish Online Marketplace Cut Phishing Emails by 99%
According to PricewaterhouseCoopers (PwC), retail companies today are more likely to report cyber crime incidents than businesses from any industry other than financial services.
Blocket AB, Sweden’s largest marketplace for buying and selling goods online, found that they were no exception to this disconcerting trend.
Blocket’s phishing awareness efforts fell short
Email security was a big challenge for the Blocket team. Their customers were phished regularly, and those attacks were starting to cause serious damage to the business. Aside from the hard costs of responding to customer service inquiries that were flooding in, brand trust was taking a big hit.
“In any highly competitive marketplace, customer trust in your brand is business-critical,” said Thomas Bäcker, Blocket’s Head of Customer Security. “If you’re actively working on building trust with customers, then you need to consider the impact of email fraud.”
Prior to working with Return Path, Blocket relied on educational campaigns to help customers identify phishing emails. These proved to be ineffective; the number of customer service tickets related to phishing continued to skyrocket.
The business case for investing in email fraud protection
When Blocket’s customer security team proposed working with Return Path, Bäcker had to back up the investment.
“I told the executive team that each customer service ticket had a cost to the business and that the only way to reduce those costs was to implement an email fraud protection solution like Return Path’s,” he said.
Blocket leveraged the Return Path and Corporation Service Company (CSC) partnership for their Email Fraud Protection solution. Initial efforts focused on getting a DMARC (Domain-based Message Authentication, Reporting and Conformance) record in place, both to gain visibility into email streams and to block malicious traffic abusing Blocket’s domains.
Combatting domain spoofing and brand spoofing attacks
As expected, once the malicious actors realized their messages were getting blocked by DMARC, they changed tactics from spoofing Blocket’s direct sending domains to spoofing the Blocket brand.
Since DMARC can’t protect against email attacks coming from domains outside a brand’s control, Blocket used Return Path’s Email Threat Intelligence capability to gain insights into all email attacks spoofing their brand, including the survey scam below.
Partnering with Return Path empowered Blocket to address email authentication issues on all mail streams, identify and block malicious messages, and ensure that the delivery of their legitimate messages was not impacted by the DMARC implementation.
The benefits were immediate:
- Blocket now has total visibility into email attacks sent from domains outside of its control, allowing it to provide more holistic protection to its customers and brand.
- After implementing a DMARC reject policy, Blocket saw a dramatic reduction in suspicious messages, from 2.7 million in December 2014 down to just 13,700 three months later, a reduction in volume of 99%.
- Customer service tickets relating to email phishing dropped by 70% after implementing DMARC.
About Brian Westnedge
Brian is Senior Director of Client Services for Email Fraud Protection at Return Path, where his team supports our customers with strategy and implementation to keep malicious mail out of the inbox while protecting legitimate mail. He has been with Return Path for 12 years and has spent a majority of that time fighting email fraud and abuse and advocating on behalf of brands and consumers around the world. Connect with Brian @bwestnedge on Twitter.