SYDNEY - September 16, 2015 - Data solutions provider Return Path today announced the launch of its Email Threat Intelligence capability and its first publicly available analysis of current email fraud tactics, the Email Threat Intelligence Report. Return Path's solution applies message-level data analysis toward the detection of email fraud that cannot be identified by authentication-based technology. Recent analysis shows that brand spoofing, a tactic employed to evade authentication-based email filters, is widely used in phishing attacks against brands and consumers.
Brand spoofing refers to falsifying the display name, email account, or even subject - so a fraudulent message looks like it has come from a trusted brand. Domain spoofing refers to messages that falsify the sending domain to match one under the brand’s control. Brands can deploy authentication-based solutions like DMARC (Domain-based Message Authentication, Reporting and Compliance) to protect consumers from domain spoofing. However, Return Path estimates that only 30% of email attacks against brands use this tactic. Return Path Email Threat Intelligence was developed to detect the remaining 70% of threats not addressable by DMARC.
Powered by the Return Path Data Cloud, Email Threat Intelligence leverages the company's network of more than 70 major mailbox and security providers to analyse over 6 billion email messages per day. Applying proprietary threat detection algorithms, the solution identifies attacks in real time enabling brands to take immediate action to protect consumers from malicious messages.
Using Email Threat Intelligence to investigate prevalent tactics used by cybercriminals, Return Path found more than 750,000 malicious messages spoofing 40 top-tier global consumer brands over the course of July and August 2015. Most of these messages employed brand spoofing to avoid detection by existing email authentication protocols.
In addition to brand spoofing, Return Path analysed the use of snowshoe spamming - a tactic to complicate detection by sending batches of fraudulent messages from multiple IP addresses - and found that large-scale attacks followed no recognisable patterns to help identify them. Of the 100 largest attacks detected, 22 were highly distributed across networks of sending IPs—so-called botnets. Meanwhile 27 were not distributed at all, generally coming from single sources, indicating that reputation-based filtering and blacklists are effective countermeasures in the fight against email fraud.
“Brand spoofing is the most prevalent email fraud tactic in use today because it is difficult to detect. While authentication-based solutions like DMARC represent the best available protection against direct domain spoofing, companies have had no way to identify and address email threats appearing to come from domains outside of their control. Now they do,” said Robert Holmes, general manager, Email Fraud Protection at Return Path. “These solutions are complementary. Brands that use DMARC and Email Threat Intelligence together can act quickly to eliminate the impact of email fraud. Defending consumers against phishing attacks, malware, and scams is essential to maintaining brand trust and loyalty. Return Path’s Email Threat Intelligence enables brands to address a huge gap in their email fraud protection.”
Further analysis is available in Return Path’s Email Threat Intelligence Report: http://returnpath.com/wp-content/uploads/2015/09/email-threat-intelligence-report.pdf
Using its email threat intelligence solution powered by the Return Path Data Cloud, the company analysed more than 240 billion email messages associated with 40 global brands in industries historically prone to email fraud. The messages were received during a 40-day period in July and August 2015. Return Path’s threat detection and classification algorithms identified 769,792 malicious messages targeting the included brands, 503,975 of which (63%) spoofed at least one element of the email header.
About Return Path
Return Path analyses the world’s largest collection of email data to show businesses how to stay connected to their audiences, strengthen their customer engagement, and protect their brands from fraud. Our data solutions help analysts understand consumer behaviour and market trends. We help mailbox providers and security providers around the world deliver great user experiences and build trust in email by ensuring that wanted messages reach the inbox while spam and abuse don’t. For more information on Return Path’s Email Fraud Protection solution, visit www.returnpath.com/StopEmailFraud
Why nation-state attacks are everyone’s problem
Hear from Invictus Games Sydney 2019 CEO, Patrick Kidd OBE and Head of Technology, @James-d-smith -share their insights on how they partnered with Unisys to protect critical data over an open, public WiFi solution.
With so much change all the time, how can executives best prepare their businesses to meet the security challenges of the coming years? CSO Australia, in conjunction with Mimecast, explored this question in an interactive Webinar that looks at how the threat landscape has evolved – and what we can expect in 2019 and beyond.
An interview with CSO's David Braue and Ian Yip, Chief Technology Officer, McAffee.
According to new research conducted by the Ponemon Institute, Australia and New Zealand have the highest levels of data breaches out of the nine countries investigated. This was linked to heavy investment in security detection and an under-investment in security and vulnerability response capabilities