Before adding and sharing your Fraud Alert please check to see if a similar alert has already been posted, thank you:

Companies Need To Be Proactive To Combat Email Phishing

Post a Fraud Alert:
  • by Jess Nelson


Another year marked by email phishing and data breaches is coming to an end, and it is crucial for businesses to take this threat more seriously in the New Year.

Email is now hackers’
preferred method of attack and the largest source of data breaches in the United States. Nine out of ten cyber attacks begin with a phishing email, according to PhishMe, and notable breaches this year
include Uber, Equifax, and Yahoo.

The responsibility for identification of phishing emails has largely been placed on consumers thus far. Businesses advise email users to recognize certain
phishing email characteristics such as spelling and grammatical errors, and then to report any suspicious incoming mail. 

This is a flawed approach, and it has obviously done little to
slow the phishing pandemic. The number of phishing attacks increased 65% year-over-year from 2015 to 2016, according to the Anti-Phishing Working Group (APWG). Although the APWG has
yet to release its full 2017 study, it did report a consistent stream of phishing attacks in the first part of the



Phishers are also becoming smarter about their attacks, leveraging spoofing and social engineering tactics to appear legitimate, and thus making it more difficult for consumers to
tell the difference between real emails and phishing emails.

It is imperative that enterprises take on the responsibility of securing their email themselves to better protect their customers
from malicious advances. Proper email authentication like DMARC, which builds on SPF, is essential for any business that sends email messages of any kind. The more companies protected with DMARC, the
stronger the resistance to the phishing virus will be.

More companies should also follow Facebook’s lead by creating a centralized resource of emails sent. Facebook announced last week
that it would begin listing every security email it sends, so users can double check whether Facebook actually sent a message when they receive suspicious emails.


Article source: