Three Common Misconceptions About Phishing

Posted by Ash Valeski 

At Return Path, we talk to all kinds of people about email fraud—from marketing managers to Chief Information Security Officers. Often, we confront some of the same misconceptions.

So, we thought it might be useful to our audience if we debunk three of the most common misconceptions about phishing attacks here on our blog:

1. People should be the first line of defense against phishing attacks.

Companies around the world invest millions in employee and customer email security education. Despite this investment, email fraud is on the rise: in the first quarter of 2016, the Anti-Phishing Working Group (APWG) observed more phishing attacks than at any other time in its history.

Why? Because most people—97 percent, according to Intel—cannot identify a sophisticated phishing attack. And nearly 50 percent of recipients open phishing emails and click on malicious links within the first hour.

Your first line of defense should always be technology, not people. Email authentication (SPF, DKIM and DMARC) is the best way to protect your customers, employees, and bottom line from email fraud, because it stops a spoofed message before a person ever has to judge it.

2. Implementing a DMARC “reject” policy protects the email channel from all phishing attacks.

Luckily, many of our prospects and clients already understand the critical need for email authentication. They look to us for help implementing a DMARC (Domain-based Message Authentication Reporting and Conformance) “reject” policy on all of their owned domains. (For a refresher on what DMARC is and how it works, read this post.)

But once a “reject” policy is in place, your company is still not fully protected from email fraud. DMARC only checks whether the domain in the visible From address is authenticated (by SPF or DKIM) and aligned with that domain; it says nothing about the rest of the message. Cybercriminals will therefore find other ways to spoof your brand: putting your brand in the Display Name while sending from a domain they control, registering “look-alike” domains (which they can authenticate perfectly well, since they own them), spoofing your brand in the subject line, and much more. To identify and mitigate the impact of phishing attacks beyond the reach of DMARC, you must leverage email threat intelligence.
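The following is an added example, not Return Path's code or a product of the company, that makes the limitation concrete. It evaluates four constructed messages with a simplified DMARC check (relaxed alignment, a "last two labels" stand-in for the organizational domain instead of the Public Suffix List, and an in-memory dictionary standing in for the `_dmarc` DNS lookup) and then runs the extra checks DMARC never makes: brand name in the Display Name, brand name in the Subject, and a look-alike From domain. The domains `example.com`, `examp1e.com`, `mail-notify.example` and `attacker.example`, the brand tokens, and the similarity threshold are all assumptions chosen for the illustration.

```python
"""Added example (not Return Path's code): DMARC p=reject stops an exact spoof
of the protected domain, but display-name and look-alike-domain phishing pass
DMARC and need separate checks. All domains and messages are constructed."""
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

PROTECTED_DOMAIN = "example.com"                # assumption: the brand's real domain
BRAND_TOKENS = ("example corp", "example")      # assumption: how the brand names itself

# Constructed stand-in for DNS TXT lookups of _dmarc.<organizational domain>.
DMARC_RECORDS = {
    "example.com": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
    "examp1e.com": "v=DMARC1; p=none",          # attacker-registered look-alike
}

# Constructed sample messages (headers only; bodies are irrelevant here).
DIRECT_SPOOF = "From: Example Corp <security@example.com>\nSubject: Example Corp password reset\n\n"
DISPLAY_NAME_SPOOF = "From: Example Corp Security <alerts@mail-notify.example>\nSubject: Your Example Corp account\n\n"
LOOKALIKE = "From: Support <support@examp1e.com>\nSubject: Verify your account\n\n"
LEGIT = "From: Example Corp <news@example.com>\nSubject: Example Corp newsletter\n\n"


def parse_dmarc(record):
    """Parse a DMARC TXT record into a tag dict, e.g. {'v': 'DMARC1', 'p': 'reject'}."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def org_domain(domain):
    """Crude organizational domain: the last two labels. Real DMARC uses the
    Public Suffix List; this shortcut is only adequate for the domains above."""
    return ".".join(domain.lower().split(".")[-2:])


def dmarc_evaluate(from_domain, spf_domain=None, dkim_domain=None):
    """Return (result, action). Relaxed alignment: an SPF- or DKIM-authenticated
    domain aligns if it shares the From domain's organizational domain. The
    policy comes from the From domain's own DMARC record, so an attacker's own
    domain is judged by the attacker's own (or absent) policy."""
    aligned = any(d and org_domain(d) == org_domain(from_domain)
                  for d in (spf_domain, dkim_domain))
    policy = parse_dmarc(DMARC_RECORDS.get(org_domain(from_domain), "")).get("p", "none")
    if aligned:
        return "pass", "deliver"
    return "fail", {"reject": "reject", "quarantine": "quarantine"}.get(policy, "deliver")


def lookalike(domain, protected=PROTECTED_DOMAIN, threshold=0.8):
    """Flag a domain that is visually close to the protected domain but is not it."""
    candidate = org_domain(domain)
    return candidate != protected and SequenceMatcher(None, candidate, protected).ratio() >= threshold


def brand_in_text(text):
    lowered = text.lower()
    return any(token in lowered for token in BRAND_TOKENS)


def analyze(raw_message, spf_domain=None, dkim_domain=None):
    """DMARC verdict plus the brand-abuse checks that DMARC does not make."""
    msg = message_from_string(raw_message)
    display_name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2]
    result, action = dmarc_evaluate(from_domain, spf_domain, dkim_domain)
    foreign = org_domain(from_domain) != PROTECTED_DOMAIN
    flags = []
    if foreign and brand_in_text(display_name):
        flags.append("display-name-spoof")
    if lookalike(from_domain):
        flags.append("lookalike-domain")
    if foreign and brand_in_text(msg.get("Subject", "")):
        flags.append("brand-in-subject")
    return {"from_domain": from_domain, "dmarc": result, "action": action, "flags": flags}


if __name__ == "__main__":
    # The auth domains mimic what an SPF/DKIM verifier would report for each sender.
    for label, raw, spf, dkim in (
        ("direct spoof", DIRECT_SPOOF, "attacker.example", None),
        ("display-name spoof", DISPLAY_NAME_SPOOF, "mail-notify.example", None),
        ("look-alike domain", LOOKALIKE, None, "examp1e.com"),
        ("legitimate", LEGIT, None, "example.com"),
    ):
        print(f"{label:20} {analyze(raw, spf, dkim)}")
```

Only the direct spoof is rejected by DMARC; the display-name and look-alike messages authenticate cleanly because the attacker controls the sending domain, and only the extra checks surface them. Those checks are heuristics (a similarity threshold, a token list) and are where threat-intelligence data about observed look-alike registrations and campaigns earns its keep.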

3. Email security is the responsibility of the IT and security teams alone.

The impact of email fraud permeates the entire business. It destroys brand trust, drains capital, and reduces the performance and ROI of legitimate email campaigns.

After a phishing campaign, neither users nor mailbox providers know what to trust, and both often flag legitimate emails as spam. Return Path found that one in five phishing attacks negatively impacts the deliverability of a brand’s marketing emails and one in three phishing attacks results in reduced subscriber engagement.

The solution to such a universal problem cannot be achieved in a silo.

Executives from teams across the business must unite to create and implement a common email security defense strategy founded on the latest advancements in technology and email threat intelligence. The IT and marketing teams should be at the helm of this collaboration, guiding the group to:

  • Identify the customer and security risks involved in the email channel
  • Outline solutions to these risks
  • Invest in an email defense strategy that protects the customer, the brand, and the bottom line from email fraud

Have you heard any other misconceptions? Or do you have any questions? Add them in the comments section below—we’d love to hear from you.

For step-by-step instructions on protecting your email channel, check out our Email Authentication Kit.

About Ash Valeski

As a Senior Product Manager for Return Path’s Email Fraud Protection group, Ash is responsible for the product road map, strategy, and execution of a SaaS product used by global brands to protect their customers from email fraud. He has more than 15 years of experience in product management, marketing, and business development working at companies like Microsoft, Skype, and Tellme Networks.