Return Path has announced the launch of its Email Threat Intelligence capability report which analyses current email fraud tactics. Return Path's solution applies message-level data analysis toward the detection of email fraud that cannot be identified by authentication-based technology. Recent analysis shows that brand spoofing, a tactic employed to evade authentication-based email filters, is widely used in phishing attacks against brands and consumers.
Brand spoofing refers to falsifying the display name, email account, or even subject—so a fraudulent message looks like it has come from a trusted brand.
Domain spoofing refers to messages that falsify the sending domain to match one under the brand’s control. Brands can deploy authentication-based solutions like DMARC (Domain-based Message Authentication, Reporting and Compliance) to protect consumers from domain spoofing. Return Path estimates that only 30% of email attacks against brands use this tactic. Return Path Email Threat Intelligence was developed to detect the remaining 70% of threats not addressable by DMARC.
Powered by the Return Path Data Cloud, Email Threat Intelligence leverages the company's network of more than 70 major mailbox and security providers to analyse over 6 billion email messages per day. Applying proprietary threat detection algorithms, the solution identifies attacks in real time enabling brands to take immediate action to protect consumers from malicious messages.
Using Email Threat Intelligence to investigate prevalent tactics used by cybercriminals, Return Path found more than 750,000 malicious messages spoofing 40 top-tier global consumer brands over the course of July and August 2015. Most of these messages employed brand spoofing to avoid detection by existing email authentication protocols.
In addition to brand spoofing, Return Path analysed the use of snowshoe spamming—a tactic to complicate detection by sending batches of fraudulent messages from multiple IP addresses—and found that large-scale attacks followed no recognisable patterns to help identify them. Of the 100 largest attacks detected, 22 were highly distributed across networks of sending IPs—so-called botnets. Meanwhile 27 were not distributed at all, generally coming from single sources, indicating that reputation-based filtering and blacklists are effective countermeasures in the fight against email fraud.
“Brand spoofing is the most prevalent email fraud tactic in use today because it is difficult to detect. While authentication-based solutions like DMARC represent the best available protection against direct domain spoofing, companies have had no way to identify and address email threats appearing to come from domains outside of their control. Now they do,” said Robert Holmes, general manager, Email Fraud Protection at Return Path. “These solutions are complementary. Brands that use DMARC and Email Threat Intelligence together can act quickly to eliminate the impact of email fraud. Defending consumers against phishing attacks, malware, and scams is essential to maintaining brand trust and loyalty. Return Path’s Email Threat Intelligence enables brands to address a huge gap in their email fraud protection.”
Using its email threat intelligence solution powered by the Return Path Data Cloud, the company analysed more than 240 billion email messages associated with 40 global brands in industries historically prone to email fraud. The messages were received during a 40-day period in July and August 2015. Return Path’s threat detection and classification algorithms identified 769,792 malicious messages targeting the included brands, 503,975 of which (63%) spoofed at least one element of the email header.