Just this month, the FBI warned that fake email schemes aimed at stealing money or tax data increased 60% in 2018. Phishing attacks aren’t new, but the realization of their impact on business infrastructure and the economy is wide-reaching.
Integrity in marketing, and specifically in email communication, is at the center of concern because scammers use familiar tactics to gain your confidence and defraud you, your business, and your clients. Business email compromise (BEC) and impersonation attacks are the most common.
Alexander Garcia-Tobar, CEO and co-founder of Valimail, was interviewed and quoted in the article “The biggest phishing attacks of 2018 and how companies can prevent it in 2019”:
“They’ll typically start with fake emails to targeted individuals — or to individuals at other organizations (vendors and other companies they do business with). These emails impersonate a trusted individual in order to increase the likelihood that the target will open it, read it, and take action.”
“… the biggest story in the fight against phishing has to be the US federal government’s amazing progress in implementing anti-phishing measures, which the Department of Homeland Security mandated in 2017 — BOD 18-01. Government agencies, as a group, went from being in the last place in the use of email authentication to leading all industry segments. They’re even ahead of tech companies and unicorns in this. And they did it in just one year. The benefit is that this protects agencies from impersonation via email, and will increase agency operational efficiency as well as security for all US citizens.”
“The best defense is a layered defense:
Deploy email authentication as your first line of defense, so that only authorized senders can use your domain to send email messages. This will block a huge proportion of fake messages (the direct spoofs/exact-domain attacks). It also is becoming a mandated requirement. So deploying email authentication will both get you ahead of the compliance curve and protect your employees and brand.
Make sure you use an effective secure email gateway (SEG) to stop inbound messages with suspicious content that could contain malware or malicious links.
Train your users how to be smart about phishing messages that make it through the first two layers, and make sure to refresh that training every three to six months.”