Nearly 21 billion emails appearing to come from well-known commercial senders did not come from their IP addresses – a possible indication of phishing attacks, according to a new report.
The study, from Return Path found that nearly 21 billion emails attributed to a large group of global consumer brands sent between October 2014 and March 2015 did not come from IP addresses of mail servers known to send on the brands’ behalf.
Return Path analyzed more than 235 billion messages appearing to come from these senders during the six-month period and suspicious, potentially fraudulent email made up 9% of all messages.
Key findings in the report include:
•The largest numbers of fraudulent emails were found in financial services, gaming and marketplaces with 11%, 7.6%, 5.7% respectively.
•Surprisingly, the majority of the suspicious messages (94%) were attributed to the brands’ parent domain as opposed to the subdomain, which are traditionally unregulated and feeding ground for attackers.
•Traditionally trade organisations and web platforms have been a major target for the digital theft as attackers are looking for user account details, but there’s a significant increase of phishing within the gaming community.
Because their origin could not be authenticated by the leading anti-phishing standard, DMARC, Return Path classified these messages as “suspicious.”
While not always associated with cyber attacks, suspicious messages are considered more likely to place recipients at risk. Brands included in this study use the DMARC standard to identify and prevent delivery of suspicious messages attributed to them.
Suspicious message volumes during this six-month period peaked during the holiday season, in December, when more than 6 billion of the 47 billion messages analyzed (13%) could not be authenticated. The proportion of suspicious mail attributed to these senders remained near 10% throughout the first quarter of 2015, reaching 11% in March.
Of the industry sectors represented by multiple companies in the group, financial services brands saw the highest proportions of suspicious messages: 11% of email that appeared to come from these brands was deemed suspicious. Retailers and airlines saw less than half that rate, with roughly 4% of messages appearing to come from them categorized as suspicious.
“As more brands employ email fraud protection technology to detect and stop phishing attacks from reaching consumers, they are discovering massive volumes of messages that seem to come from their sending domains, but which actually come from cyber criminals,” said Robert Holmes, Return Path’s general manager of Email Fraud Protection. “Authentication-based solutions like DMARC represent the best available approach to identify and block suspicious email. Brands that properly authenticate email sent from their domains are directing mailbox providers to reject millions of potentially fraudulent messages every day, making email safer for all users.”
Return Path’s analysis, including monthly volume trends and industry breakouts, can be downloaded in full at: http://returnpath.com/resources/research/