Cyber Security Featured Article

Return Path Research Quantifies Impacts of Phishing Exploits

June 27, 2016

A recent industry report from the folks at Return Path, a market analysis company, shows that the average large company spends more than $3.7 million every year dealing with email-based phishing attacks. That threat stands among many others in the field of email marketing, and it is causing serious problems both for marketers and for their customers.

Return Path released its latest report, Phishing: The Cost of Doing Nothing for Marketers, primarily to show how phishing and spoofing – respectively, crooks masquerading as a trustworthy source to gain access to sensitive information and falsifying data to gain access to an account – are eroding the email marketing industry. The report shows that, in addition to the loss of capital quoted above, companies can lose their audiences’ trust and face a greater risk of their legitimate email arriving as spam.

Estelle Derouet, the vice president of marketing, email, and fraud protection at Return Path, said the combined effects of these problems can do significant damage to an organization. “The immediate cost of phishing is staggering, but the bigger impact comes from loss of trust,” Derouet said. “If your brand reputation is damaged by email fraud, customers won’t open your emails and mailbox providers may not deliver your messages to the inbox. When that happens, you’ve lost a revenue opportunity – both now and in the future.”

Derouet spells out the chain of events that marketers should be wary of. First, because the responsibility for sending legitimate emails falls directly on the shoulders of marketers, they must remain vigilant about the manner in which they send their campaigns. Marketers can use authentication methods such as the Sender Policy Framework (SPF) or DomainKeys Identified Mail (DKIM) to make sure their email is only sent from certified hosts and is validated based on a digital signature. When senders do not validate using SPF or DKIM, they open their operations to spam and begin the chain of unfortunate consequences.

The consequences begin to pile up when customers receive illegitimate mail, followed by legitimate mail that ends up in the Spam folder. At that point, marketers have no control over the future of their legitimate messages because the ultimate authorities, mail providers such as Google and Microsoft, see legitimate efforts as part of a scam.

This all leads to the erosion of customer loyalty. Customers who will not open a brand’s emails will have no opportunity to take advantage of deals found inside those messages. Therefore, marketers put in a lot of effort and still have no chance of seeing a positive result. Their emails are a loss from the beginning. Return Path even noted that consumers who receive brand emails marked as spam are less likely to do business with those brands overall. Therefore, the effect on brands can occur both in the immediate nature of the email and in future interactions that could have taken place between consumer and brand.

Derouet called email authentication methods “no longer optional” because they can serve as the only barrier between marketers and the spam spiral. The risk of not completing authentication is great and certainly makes the initial effort worth the time. There is no question that brands should authenticate their emails from Day 1.

With email remaining a primary avenue of exploitation for those with malicious intent, having the right tools and education to prevent and remediate such exploitation needs to be at the top of all enterprise security professionals’ “must have” lists.




Edited by Peter Bernstein
