Smaller businesses are more vulnerable to phishing because they assume they are not big enough to draw hackers' attention, and haven't adopted the security strategies needed to fight this type of cyber crime.
So says to Premlan Padayachi, country manager at Dell Software SA, who notes the flaw in that kind of thinking is hackers don't care about the size of a business; they only care about vulnerability.
"Hackers can mount a series of attacks on vulnerable small and medium-sized business, and then use that data to launch an attack against a larger target. In the meantime, they've collected your employee and customer data, banking information and passwords, and they've compromised your brand."
If companies don't make it tough for other people to spoof their e-mail, they are not only letting down their customers - who will stop trusting any e-mail from the company - but are putting the brand at costly risk, he says.
The Anti-Phishing Work Group's Phishing Activity Trends Report for the first quarter of 2014 indicates that 577 brands were targeted by phishers in the first quarter of 2014, compared to 525 in the fourth quarter of 2013.
To combat spoofing, 15 e-mail services providers, financial firms and message security companies - including AOL, Google, Microsoft, Return Path and Yahoo - founded the Domain-based Message Authentication, Reporting and Conformance (DMARC), a working group to create standards to reduce the threat posed by phishing, spam and other messaging abuses, says Padayachi.
DMARC standardises the way recipient e-mail servers perform e-mail authentication using Sender Policy Framework and DKIM DomainKeys Identified Mail mechanisms.
"DMARC provides these organisations visibility into whether their e-mail is authenticating - proof that the e-mail is coming from your own domain and not some other unauthorised domain that only looks like your site," adds Padayachi.
He points out security solutions like DMARC will help protect the organisation's customers against spoofing.
Also, they will ensure customers are getting the brand's legitimate messages, and help them trust when a message from the organisation appears in their inbox, it is a valuable e-mail, says Padayachi.
Share