When it comes to information security, many organizations aim to prevent and remediate phishing attempts and malware attacks. Although these are valiant and important efforts, this laser focus often leaves domain reputation overlooked. Companies should not overlook this problem. Domain reputation has become vital to protecting and maintaining consumer trust.
Domain reputation has become increasingly important amid the pandemic as bad actors have taken advantage of the chaos of current events. As COVID-19 has reached the consciousness of billions of people around the world, there has simultaneously been a massive increase in the use of terms such as “coronavirus” and “COVID-19” in legitimate marketing campaigns as well as in malware and ransomware campaigns. According to our research, as of April 2020, more than 1 in 15 business emails sent globally were about COVID-19.
At the same time, complaint rates for COVID-19-related marketing emails have steadily increased, showing an increase in malicious actors exploiting truly vulnerable populations. Understandably, many consumers were more likely to let their guard down when it came to receiving COVID-19-related information in their inbox, making them even more susceptible to falling prey to illegitimate attempts.
Approach the problem
Protecting domain reputation greatly influences an organization’s email deliverability. Mailbox providers rely on domain reputation to determine trust. The better a domain’s reputation, the more likely receiving mail servers are to trust its emails. And of course, the worse the domain’s reputation, the less an email service provider will trust its emails. Email has become the biggest threat vector to an organization’s domain reputation because of the ease with which bad actors can take advantage of unsuspecting customers.
The InfoSec Institute found that customers are 42% less likely to engage with an organization after a phishing attack. Unfortunately, bad actors are constantly looking for ways to take advantage of consumers. Common methods include spoofing, misuse, or even creating a close cousin of an established domain to conduct a phishing campaign. This way, when a customer sees the phishing attempt, they trust the sender and are more likely to inadvertently give the bad actor access to their systems.
But it is not all doom and gloom. Organizations can take a number of measures to protect their domain reputation:
- Measure enterprise domain reputation by looking at email service provider delivery data, feedback loops, and provider reputation data. It’s important to aggregate this data by domain as well as by IP address because domain reputation works as a more granular metric.
- Implement email authentication protocols so that mailbox providers can easily identify and respond to illegitimate messages. This includes Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM), which validates content via digital signatures. Next, organizations can implement Domain-Based Message Authentication, Reporting, and Compliance (DMARC) to instruct mailbox providers to block or filter unauthorized messages spoofing your domain in the email sender address.
- Register close cousin domains. Unfortunately, malicious actors are eager to take advantage of common typos and misspellings to trick unsuspecting consumers into their phishing attempts. To counteract this, companies should defensively register the range of domains that malicious actors could potentially abuse.
It’s always possible for malicious actors to find flaws in a security system and take advantage of them – that’s their only goal, while most organizations have so many other day-to-day priorities. Having a customer fall prey to a phishing attempt by a bad actor isn’t just bad for that consumer’s relationship with the organization: it’s a massive brand image crisis.
Fortunately, savvy organizations have a wealth of security resources to prevent these attempts. By paying close attention to domain reputation and appropriate mitigation efforts, businesses can continue to protect the important relationship of trust they have established with their customers.
Tom Bartel, Senior Vice President, Data Services, Validity