A new report has revealed that out of nearly 10 million .org domains globally, only 1.2% have implemented phishing email protection tools on the systems. The number only goes up to 20% among the top 100 US non-profits .org domains (by traffic).
According to IBM research, phishing was among the top attacks at 16%. However, on reviewing the dataset of 9,935,024 verified .org email domains, the EasyDMARC report revealed that only 376,497 (3.8%) domains had implemented the Domain-based Message Authentication, Reporting and Conformance (DMARC) security standard.
Organizations need to put adequate protection to flag, report, and remove outbound phishing emails. Failing to do so can put them at high risk and more vulnerable to attacks.
“Failure to implement email authentication protocols can result in attacks that can do profound reputational harm to non-profits or bring their operations to a grinding halt. With many non-profits providing critical services to millions, downtime from cyberattacks can end up being particularly destructive,” Gerasim Hovhannisyan, CEO & Co-Founder, EasyDMARC said.
In the wake of the increased security breaches owing to ransomware, DDoS, spoofed emails, it is imperative for organizations to adhere to minimum email security standards. Non-profit organizations depend heavily on donations and safeguarding their resources, including user data, is necessary.
Employing Phishing Email Protection
The research noted a lag in the non-profit sector to adequately configure DMARC when implemented. On testing a minority of the global .org domains that employed DMARC, it was found that 171,486 (45.6%) had incorrectly configured the email authentication protocol.
Moreover, out of the global non-profit domains that had implemented DMARC, only 32.2% (121,290) had employed a ‘reject’ policy, which flags and rejects emails impersonating a legitimate domain. As a result, these organizations lacked visibility into any impersonating emails they received or blocked.
“US non-profits must do more to protect themselves against being impersonated for phishing, spoofing and ransomware attacks. Sadly, many big-name non-profits with the financial heft to implement email authentication are underutilizing this technology,” Hovhannisyan told The Cyber Express.
“One of the most important steps in protecting the integrity of email domains is through leveraging Domain-based Message Authentication, Reporting & Conformance (DMARC) policies. Among non-profits, this can remove the risk of team members, volunteers, and those on mailing lists, falling victim to domain impersonation attacks that serve as some of the most common attack vectors for scams, malware, and ransomware,” Hovhannisyan added.
According to a 2022 research on phishing emails, over 50% of researchers believe that there is a need for better phishing email protection owing to the increased threat of phishing email attacks. The report noted that over 1.5 billion spam emails were sent each day globally.
Open-source websites, non-profit organizations, charitable organizations, store donors’ information, besides those it provides for. Hence, maintaining email security protection in a few clicks as offered by EasyDMARC can help report and mark phishing or suspicious emails to categorize incoming content for future reference.
DMARC enables flagging incoming emails that may be spoofed by impersonating a legitimate website or sender. Cybercrime using fraudulent COVID phishing emails, relief in times of natural disasters, and Russo-Ukrainian war have been employed by ransomware groups and other scammers to duper unsuspecting users.
Phishing email protection solutions can help detect spoofed content that have minor differences in URLs to help curb its spread across the enterprise and network.