4 sectors that need email authentication the most and why

We are living in times where you have to think twice before clicking. But despite being mindful about what websites you visit and what links you click, you and your business are not 100% shielded from cyberattackers. Since the launch of ChatGPT in November 2022, vishing, smishing, and phishing attacks have increased by a staggering 1,265%.

While there is no definitive figure, approximately 3.4 billion phishing emails are sent every day globally. What this means is that for every 4,200 emails sent, 1 is a phishing email with the potential to dupe recipients into transferring money, downloading malware-infected files, or sharing sensitive data.

The top 4 sectors on the hot list of threat actors are financial services (banking and insurance), healthcare, e-commerce, and government agencies. These sectors need strong email authentication protocols like SPF, DKIM, and DMARC to protect their brand reputation and stay away from the legal repercussions of breaches and fraud.

This is because threat actors abuse your domain name to send malicious emails to your customers, prospects, employees, investors, etc. They impersonate your brand and its representatives to convince targeted recipients to share confidential documents, make financial transactions, disclose a company secret, and whatnot!

So, here is a detailed blog on why these 4 sectors badly need properly configured SPF, DKIM, and DMARC records.

1. Financial services (banking and insurance)

The financial sector is on the radar because it handles sensitive financial data and personal information of so many people, including the ones seen as high-value targets by malicious actors. 62,074 new finance-related domains were registered between January and June 2024, and you would be surprised to know that 62% of these were involved in phishing attacks targeting legitimate companies through spoofed websites. HSBC, BBVA, and PayPal are the frequent targets, with over 561 domains associated with each.

In fact, a financial scam is currently looming over Pembroke. Scammers are sending emails that falsely claim to be from the fraud department of local banks. The unsolicited phishing emails are convincing community members to empty their bank accounts and deposit the funds into Bitcoin machines. They are fooling them under the pretext of losing all the money otherwise. 

As per Deloitte’s 2024 Financial Services Industry Predictions report, US banks can lose $40 billion by 2027 because of AI-powered scams. Cybercriminals are heavily using generative AI to create near-perfect phishing emails that they send from unprotected domains. Generative AI is also being exploited to develop images, audio, and videos.

The global state of DMARC adoption in the finance sector isn’t too good. Almost a third of UK banks have no DMARC protection at all. On the brighter side, between Q2-2021 and Q2-2022, increases of 28% and 200% were observed in DMARC policies set to p=reject and p=quarantine, respectively.

The finance sector is adopting DMARC at a faster pace since the Payment Card Industry Security Standards Council (PCI SSC) announced that the requirement is considered a best practice until March 31, 2025. After that, it will become mandatory and must be fully addressed during a PCI DSS assessment.

2. Healthcare

Healthcare organizations manage private patient data, which attracts many threat actors. They usually steal medical details to file fake insurance claims, illegally obtain prescription drugs, raise bills for non-existing treatments or services, blackmail for ransom, craft convincing phishing scams that target individuals with specific health conditions, etc. 

In a cybercrime reported in February 2024, more than 200,000 people in Los Angeles County may have had their personal data exposed after a hacker stole the login credentials of 53 public health employees through a phishing email. The data breach potentially compromised sensitive information like names, birth dates, medical records, diagnoses, prescription details, Social Security numbers, and health insurance information.

A DMARC analysis also showed that only 69% of UAE hospitals have a DMARC record, which means 31% of them have no email authentication protocols in place. 

The healthcare industry was devastated during the COVID-19 phase due to acute challenges like performing only elective surgeries and resource constraints. Because of these, cash inflow was heavily affected. This caused the healthcare industry to cut back on the cybersecurity budget, becoming a prime target for threat actors. Some healthcare organizations reallocated cybersecurity budgets after things settled down, but many didn’t take any significant steps, leaving their domains susceptible to phishing and spoofing.  

If you are interested in learning more, please read this detailed article: A Reality Check On Email Security Threats In Healthcare!

3. E-commerce

E-commerce companies send frequent transactional and marketing emails, making them common targets for cybercriminals looking to steal customer payment details or login credentials. Email authentication helps prevent fraud, safeguard customers, and maintain brand integrity.

In a phishing campaign targeted at eBay customers, threat actors pretended to be from the company’s support team and sent fraudulent emails. These emails urged recipients to update their account information due to a supposed security breach. The messages contained malicious links that directed victims to fake login pages, where they unknowingly entered their account credentials.

The attackers used this information to access the victims’ accounts, potentially making unauthorized purchases or stealing personal details. Although eBay’s systems were not directly breached, the phishing campaign affected many of its customers, highlighting the vulnerabilities arising from phishing attacks, particularly in e-commerce. eBay had to respond by advising customers to change their passwords and enabling additional security measures to mitigate future attacks.

This incident emphasized the need for robust email security measures like DMARC and BIMI, as well as user awareness to recognize phishing attempts.

Between Q3-2021 and Q3-2022, the e-commerce sector showed a positive trend in DMARC adoption and in the move to stricter policies. 30% and 80% of DMARC policies advanced to p=reject and p=quarantine, respectively. There was also a 10% decrease in the number of DMARC policies set to none and a 16% decrease in the number of companies that don’t have a DMARC policy.

Moreover, the new policies rolled out by Gmail and Yahoo require bulk email senders (like e-commerce companies) to have email authentication protocols in place. This requirement is also expected to contribute to the upward trend of DMARC adoption in the e-commerce sector.

4. Government agencies

Due to the sensitive nature of their operations and data, cyberattacks often target government entities. Spoofed government emails can lead to misinformation or unauthorized data access. Strong email authentication ensures secure communication between agencies and the public, reducing the risk of cyber espionage and misinformation.

A review of second-level GOV domains within 178 of the 247 ccTLDs listed on Wikipedia revealed that only 78 of these domains (about 45%) had a valid SPF record published. Moreover, five of these domains had either malformed SPF records or lacked an explicit “all” directive, rendering them ineffective. Only 33 domains (approximately 19%) had a valid DMARC record. Even among NATO and EU countries, the results showed no significant improvement, with some areas performing worse. 

This highlights the vulnerability of these domains to email spoofing, especially given the absence of necessary security measures like SPF, DMARC, and DKIM. While third-level domains are often more secure, second-level domains are frequently left unprotected, though eight did have a ‘blocker’ SPF record.
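The checks that review describes can be run against your own domains' TXT records. The following is an added example, not code from the review or from DMARCReport: it sorts SPF and DMARC strings into the categories named above. The sample records are constructed, and reading a "blocker" record as `v=spf1 -all` is an assumption.

```python
import re

# One SPF term: a mechanism with optional qualifier, or a modifier (RFC 7208 names).
SPF_TERM = re.compile(
    r"^[+\-~?]?(all|include:\S+|a([:/]\S+)?|mx([:/]\S+)?|ptr(:\S+)?"
    r"|ip4:[\d./]+|ip6:[0-9a-f:./]+|exists:\S+)$|^(redirect|exp)=\S+$"
)

def classify_spf(txt):
    """Return missing, malformed, blocker, no-all or valid for one TXT string."""
    parts = (txt or "").split()
    if not parts or parts[0].lower() != "v=spf1":
        return "missing"
    terms = [t.lower() for t in parts[1:]]
    if any(not SPF_TERM.match(t) for t in terms):
        return "malformed"
    if terms == ["-all"]:
        return "blocker"  # assumption: a record that authorises no sender at all
    has_all = any(t.lstrip("+-~?") == "all" for t in terms)
    # redirect= hands the final verdict to another record, so it is not flagged
    if not has_all and not any(t.startswith("redirect=") for t in terms):
        return "no-all"
    return "valid"

def classify_dmarc(txt):
    """Return missing, malformed, monitor-only (p=none) or enforcing."""
    tags = [t.strip() for t in (txt or "").split(";") if t.strip()]
    if not tags or tags[0].replace(" ", "") != "v=DMARC1":
        return "missing"
    kv = dict(t.lower().replace(" ", "").split("=", 1) for t in tags[1:] if "=" in t)
    policy = kv.get("p")
    if policy not in ("none", "quarantine", "reject"):
        return "malformed"
    return "monitor-only" if policy == "none" else "enforcing"

# Constructed sample records (reserved .example names, documentation IP ranges).
SAMPLE = {
    "agency-a.example": {"spf": "v=spf1 include:_spf.mail.example -all", "dmarc": "v=DMARC1; p=reject"},
    "agency-b.example": {"spf": "v=spf1 ip4:192.0.2.0/24", "dmarc": "v=DMARC1; p=none"},
    "agency-c.example": {"spf": "v=spf1 ipv4:192.0.2.10 -all", "dmarc": None},
    "parked.example": {"spf": "v=spf1 -all", "dmarc": "v=DMARC1; p=reject"},
}

def audit(records):
    return {d: (classify_spf(r["spf"]), classify_dmarc(r["dmarc"]))
            for d, r in records.items()}

if __name__ == "__main__":
    print(audit(SAMPLE))
```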

Final words

Email authentication is a widely discussed topic, yet many domain owners are still unaware of it. The ones who are aware are either stuck on the p=none policy (which is equivalent to having no DMARC setup at all) or don’t leverage the benefits of DMARC reports.

DMARC reports give you insights into your domain’s email activities, helping you recognize emails sent by unauthorized and potentially fraudulent senders. These reports are sent by recipients’ servers. So, if your business style involves sending thousands of emails in a day, you will likely receive hundreds of these reports in the complicated XML format. We know it isn’t easy to track and analyze so many reports. That’s why we at DMARCReport offer to do this for domain owners. If you are interested in learning more, please book a demo.
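To show what one of these XML reports contains, here is an added example (not DMARCReport's code) that parses a constructed aggregate report using the RFC 7489 element names and lists the source IPs whose mail failed both DKIM and SPF evaluation. The report content, domain and IP addresses are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed aggregate report; element names follow the RFC 7489 schema.
REPORT = b"""<?xml version="1.0"?>
<feedback>
  <report_metadata><org_name>receiver.example</org_name><report_id>constructed-1</report_id></report_metadata>
  <policy_published><domain>shop.example</domain><p>none</p></policy_published>
  <record><row><source_ip>192.0.2.10</source_ip><count>1200</count>
    <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>shop.example</header_from></identifiers></record>
  <record><row><source_ip>198.51.100.7</source_ip><count>40</count>
    <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>shop.example</header_from></identifiers></record>
  <record><row><source_ip>203.0.113.5</source_ip><count>15</count>
    <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>shop.example</header_from></identifiers></record>
</feedback>"""

def summarize(xml_bytes):
    """Return (published policy, total messages, {source_ip: messages failing DMARC})."""
    # Reports arrive from third-party receivers: refuse DTDs and entity declarations.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("unexpected DTD in DMARC report")
    root = ET.fromstring(xml_bytes)
    policy = root.findtext("policy_published/p")
    total, failing = 0, Counter()
    for row in root.iterfind("record/row"):
        ev = row.find("policy_evaluated")
        if ev is None:
            continue
        count = int(row.findtext("count", "0"))
        total += count
        # DMARC passes if either DKIM or SPF passes with alignment,
        # so only rows where both results fail are unauthenticated.
        if ev.findtext("dkim") != "pass" and ev.findtext("spf") != "pass":
            failing[row.findtext("source_ip")] += count
    return policy, total, dict(failing)

if __name__ == "__main__":
    print(summarize(REPORT))
```

In this sample the 40 failing messages still carry `disposition` `none` because the published policy is p=none, which is the situation the reports are meant to surface before moving to quarantine or reject.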
