DMARC’s Antiphishing Benefits Are More Important Than Ever

Many of us have (at least temporarily) joined the remote workforce. Apart from learning how to be productive in a very new, improvised home office, people are also adjusting to the security risks that their new workspace presents.

Cybercriminals are taking full advantage of this and launching pandemic-specific phishing attacks. In the first quarter of 2020, we saw an increase of over 600% in COVID-19 phishing attacks, and last week alone, there were over 18 million daily COVID-19-specific phishing and malware attacks.

These attacks are highly effective for two reasons. First, people are scared. Everyone’s daily routine has been changed, and we have no idea when we will return to normal, so if we see an email promising a COVID-19 update, many of us will click on it because we’re desperate for answers.

The attacks are also taking the form of text messages that warn people if they’ve been in contact with or near a COVID-19 patient. The texts are also highly effective because they match government notifications or apps that are promising to do this very thing.

The second reason they are so effective is that phishing attacks are one of the few cybersecurity attacks that security professionals will admit to almost (or actually) falling for. We’re feeling the same panic and are extra prone to click.

So how do we protect our extra-vulnerable security and nonsecurity workforce? Protection requires a layered approach that starts with email authentication. Domain-based Message Authentication, Reporting & Conformance (DMARC) is an email authentication process that manages and monitors your inbox to ensure that only verified contacts are reaching users’ inboxes. In our recent report, Claire O’Malley and I share how organizations should implement DMARC to prevent fraudulent correspondence and phishing attacks. DMARC’s antiphishing benefits can be expanded to also include stopping COVID-19-specific phishing attacks from reaching your organization’s inboxes and stopping cybercriminals from hijacking your domains to carry out attacks.

COVID-19 phishing attacks are cruel but unfortunately expected from cybercriminals. Warn your employees that they are coming, warn your family that they are coming, and implement phishing defenses, including authentication, for peace of mind during these unprecedented times.

See our report, “Best Practices: Phishing Prevention,” to learn Forrester’s 10 best practices for phishing prevention.