• by Jess Nelson , December 29, 2017

Another year marked by email phishing and data breaches is coming to an end, and it is crucial for businesses to take this threat more seriously in the New Year.

Email is now hackers’ preferred method of attack and the largest source of data breaches in the United States. Nine out of ten cyber attacks begin with a phishing email, according to PhishMe, and notable breaches this year include Uber, Equifax, and Yahoo.

The responsibility for identification of phishing emails has largely been placed on consumers thus far. Businesses advise email users to recognize certain phishing email characteristics such as spelling and grammatical errors, and then to report any suspicious incoming mail. 

This is a flawed approach, and it has obviously done little to slow the phishing pandemic. The number of phishing attacks increased 65% year-over-year from 2015 to 2016, according to the Anti-Phishing Working Group (APWG). Although the APWG has yet to release its full 2017 study, it did report a consistent stream of phishing attacks in the first part of the year. 

Phishers are also becoming smarter about their attacks, leveraging spoofing and social engineering tactics to appear legitimate, and thus making it more difficult for consumers to tell the difference between real emails and phishing emails.

It is imperative that enterprises take on the responsibility of securing their email themselves to better protect their customers from malicious advances. Proper email authentication like DMARC, which builds on SPF, is essential for any business that sends email messages of any kind. The more companies protected with DMARC, the stronger the resistance to the phishing virus will be.

More companies should also follow Facebook’s lead by creating a centralized resource of emails sent. Facebook announced last week that it would begin listing every security email it sends, so users can double check whether Facebook actually sent a message when they receive suspicious emails.