Spammers top spoofing targets are still finance and travel industries

Large US firms make slow progress on SPF, DKIM and DMARC security

The travel industry and large banks were the US industries most abused by spam and malicious email in the second quarter of 2014, according to Agari's Email TrustIndex.

The Index (registration required) is a combined abstraction of two things. First, and most importantly, the extent to which each of the 147 well-known US brands and their industry sectors are targeted by spam and malicious email passing itself off as genuine.

A second dimension is how well these project email security using authentication standards such as SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authetication, Reporting and Conformance).

Banks have always been a favourite for cybercriminals - consumers are roughly 15 times more likely to be sent bogus or spoofed email abusing this sector than from an airline - but for some reason the travel industry shot up the index into third place after showing an 800 percent increase in abuse.

As for implementing email security, all sectors showed small but encouraging improvements, with the best performers being social firms (i.e Twitter, Facebook), e-tailers, payments and retail. Only seven firms achieved a 'perfect' 100 for email security; Capital One, DocuSign, Facebook, JPMorgan Chase, Netflix, Newegg and Twitter.

Technology-wise, SPF is used by 91 percent of the 147 firms, DKIM by 66 percent, and the most recent, DMARC by 38 percent, with the top-rated firms being the most likely to use Agari's recommended DMARC.

Interestingly, Agari makes some judgments about individual firms and their adoption - or lack of adoption - of email security. In retail, only one firm, Apple, was given top marks, with Target in the 'under construction' (improving) category. For e-tailers, Amazon, and Netflix were highly-rated while Rakuten and Market America were 'easy targets'.

According to Agari, industries also varied quite widely in their implementation of email security; in the oft-exploited logistics sector, FedEx and UPS were given good marks while DHL and TNT Express weren't.

Airlines were generally pretty terrible at implementing email authentication - 88 percent of that sector are described by Agari as 'easy targets'.

Agari promotes DMARC, a recent technology through which servers can communicate whether the sender is using SPF or DKIM and how to treat emails that try to spoof email without implementing these security layers.

DMARC sn't without its complications - earlier this year Yahoo's implementation of it led to some criticism that it could outlaw legitimate maliling lists.

Join the CSO newsletter!

Error: Please check your email address.

Tags Capital OnesecurityDocuSignNeweggtwitternetflixCapitaFacebook

More about AppleCapital OneDocuSignFacebookFedExNetflixTechnologyYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E. Dunn

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place