Using Return Path Data to Protect Your Brand: Security Breakout Session - Chicago
Little Data, Big Decisions:
The Path to Data Enlightenment Keynote
3:30 - 4:00
Using Return Path Data to Promote Your Brand:
Marketing/Research Breakout Session
4:45 - 5:30
Tami Forman, Vice President of Corporate
Marketing & Communications, Return Path
Casey Swanton, Director Response
Consulting, Return Path
Brandon Dingae, Director, Sales
Enablement, Return Path
4:00 - 4:45
Real Data, Real Results:
Customer Showcase & Panel Discussion
4:45 - 5:30
Using Return Path Data to Protect Your Brand:
Security Breakout Session
Networking and cocktails
Please join us as we wrap up the day!
2. Using Return Path Data to Protect Your Brand
Security Breakout Session
Brandon Dingae, Director, Sales Enablement
• Email fraud trends and impact
• The power of data: email threat intelligence
• The Return Path Data Cloud
• Tactics used by cybercriminals today
• Unite against email fraud: tips for defending your customers, brand, and
6. …But Its Impact Is Being Eroded
5 out of 6 big
are targeted with
Phishing costs brands
worldwide $4.5 billion
a phishing attack
Email fraud has
up to a 45%
$4.5 B 1 MIN 5/6 45%
7. Phishing Leads To – Revenue Losses
• Reduced trust in brand:
• Subscribers don’t know what to trust
• Reduced effectiveness of email
• ISPs don’t know what to trust
Customers are 42% less likely to
interact with a brand after being
phished or spoofed.
9. “If you boil the jobs down of IT security
professionals, they are ultimately tasked with
protecting the brand… If you have a breach,
research suggests that 60% of your customers will
think about moving and 30% actually do.”
Global Chief Information Security Officer
12. Anatomy Of A
to: You <email@example.com>
from: Phishing Company <firstname.lastname@example.org>
subject: Unauthorized login attempt
We have recieved noticed that you have recently
attempted to login to your account from an unauthorized
As a saftey measure, please visit the link below to
update your login details now:
Once you have updated your details your account will
be secure from further unauthorized login attempts.
The Phishing Team
Making an email
look legitimate by
company name in
the “Display Name”
delivering the email
to the inbox by
address hidden in
the technical header
of the email.
language in the
body of the email.
Making an email
appear to come
from a brand by
using a legitimate
company domain, or
a domain that looks
like it in the “from”
subject lines to drive
recipients to open
Including links to
that prompt users to
22. DMARC (Domain-based Message Authentication Reporting &
• Technical specification created to help reduce the potential for email-
based abuse (www.dmarc.org)
• Prevents domain-based spoofing by blocking fraudulent activity
appearing to come from domains under your control
• Provides threat reporting mechanism (aggregate and forensic data)
#1: Authenticate Your Email
23. “Simply put, the DMARC standard works.
In a blended approach to fight email fraud, DMARC
represents the cornerstone of technical controls
that commercial senders can implement today to
rebuild trust and retake the email channel for
legitimate brands and consumers.”
Head of Cyber Security
Her Majesty’s Revenue & Customs
24. • Addressing the 70% of email attacks that spoof your brand using
domains your company does not own requires email threat
• Get visibility into all types of email threats targeting you today.
#2: Leverage Email Threat Intelligence
25. • The reality is, some attacks are always going to get through.
• The more prepared your customers are, the better.
• Create an educational website
• Include anti-fraud language within your legitimate email
• In the event of an attack, warn your customers immediately
#3: Educate Your Customers
26. • Engage with Brand Protection teams to make the business case.
• Create a sense of urgency.
• Communicate the risks that result from not taking action:
• Email fraud destroys brand reputation and erodes customer loyalty
• Email fraud thwarts email marketing effectiveness
• Email fraud negatively impacts revenue
#4: Raise Awareness with Top Executives
Value to businesses
Email is a very valuable marketing medium for businesses for all of the above reasons (low cost, effectiveness, scale, format), but it’s also effective for fraudsters for the same reasons.
Every day, beyond your control, cybercriminals send emails that spoof your brand, targeting your customers, partners, and suppliers with malicious content.
Email fraud continues to grow (50% YOY growth in volume of email attacks based on APWG data) and, in spite of the recent shutdowns of larger botnets, phishing shows no sign yet of abating, with more than 400 brands phished each month (Anti-Phishing Working Group).
Two biggest trends:
an increase in the volume of attacks and
an increase in the sophistication.
#3 – Phishing is Impacting Revenue.
Email fraud has a dramatic impact on the trust your customers have in your brand.
It also reduces the effectiveness of email that is legitimate. A great data point from Cloudmark here: customers are 42% less likely to interact with a brand after being phished or spoofed.
So, we all recognise that it’s an old problem and most of us know that it hurts our business. And yet many companies we speak to still struggle to justify investment in solutions, leaving their brands and their customers vulnerable. I believe that’s because, in the first place, measuring the impact is difficult: tying fraud losses and expenses back to specific activities is difficult and quantifying the value of brand integrity has always proved elusive.
Okay, so let’s talk now about solving the problem. Prior to working at Return Path, I worked in the brand & fraud protection industry for 10 years. And, during those 10 years, I watched the evolution and growth of the problem space and observed the stagnation of innovation.
Phishing is an old problem, and it’s not going away, so let’s look at the way it is impacting businesses today.
#1 – Phishing is Making Headlines and Is Destroying Reputations
Some of the most respected brands out there are making the headlines: Amazon, Home Depot, Booking.com and more recently US health insurer giant Anthem.
Here is a great quote from Aviva’s CISO Bryan Littlefair on why it is the CISO’s responsibility to protect the brand, in collaboration with Marketing.
#2 – Phishing Is Losing Companies Millions in hard costs
Malware infection (secondary damages/losses)
If you have to explain to marketing... graphic to use security and tech. See that as aware when comes to email look at points they can hit on in order to break through. Not just Friendly From, different ways to use email. What highlighting here.
Fits with email advantages email slide...
97% of people globally cannot correctly identify a sophisticated phishing email.
And there is a plethora of ways fraudsters can spoof your identity…
Can you spot the spoof? (chances are you can)
Now.. Are you confident YOUR CUSTOMERS can?
The simple answer is NO. So this is why it is critical that you use the right data to shine the light on all the types of email threats that are targeting your brand today.
Show of hands if you think that the majority of the email threats against your brand spoof domains under your control? In other words, what percentage of attacks come from a legitimate hsbc.com domain?
So what are we saying: well at risk of sounding obvious, knowledge is your best defense.
With such a complex threat landscape, you need breadth, depth and speed when it comes to email threat intelligence, and this is what we mean by it: data from mailbox providers, data from security vendors, and data from consumer inboxes to give you a complete picture of all the threats spoofing your domains (under your control) and your brand (outside your control).
Powered by the Return Path Data Cloud, our proprietary email threat intelligence empowers you to identify threats beyond DMARC — so you can respond to the 70% of email attacks spoofing your brand from domains that you do not control.
We use over 100 data feeds from more than 70 providers to detect, classify and analyze data relating to over 6 billion emails every day.
Now imagine having this data available to your teams so you can detect, block and respond to email threats in real time.
Respond to the 70% of email attacks spoofing your brand from domains that you do not own.
DMARC is a great first step, but it’s not a complete solution, protecting your brand from only 30% of email threats. Powered by the Return Path Data Cloud, our proprietary email threat intelligence empowers you to identify threats beyond DMARC. We use over 100 data feeds from more than 70 mailbox and security providers to detect, classify and analyze data relating to over 5.5 billion emails every day.
With Email Threat Intelligence, you can:
Get insight into email threats, coming from domains that your company does not own (e.g. cousin domains, display name spoofing, subject line spoofing).
View redacted message-level samples of fraudulent emails targeting your brand.
Identify phishing URLs embedded in fraudulent emails and inform your takedown vendor(s).
Integrate intelligence into your existing systems through a RESTful API.
Manage all Email Governance and Email Threat Intelligence alerts from a single portal.
Fraudsters will target your brand in two ways: by spoofing your domains, or by spoofing your brand in other ways.
Both attack vectors are critical and you need visibility into all attacks, which is why it is important to have access to the RIGHT data.
We ran some primary research in September 2014, looking at 18 billion suspicious emails, targeting 11 banks in the UK and the US.
And what did we discover?
30% of the attacks came from an email address on a domain that was owned by the bank.
That leaves 70% that were spoofed in some other way, like display name spoofing. This is REALLY relevant to our solution because we seek to address both: the 30% and the 70%.
We analysed 40 of the top global brands for a period of 2 months (July/August 2015) and looked at fraudulent emails coming from the 70% we covered here.
These are some of the tactics we were able to uncover thanks to email threat data:
1. Snowshoeing is still rife and monitoring IP reputations needs to be part of a multi-faceted email fraud protection strategy
2. Fraudsters do not go to the trouble of rotating elements of their subject lines, preferring a more template-based approach. Access to message-level data from email threat intelligence sources should help you prioritize your efforts around attack mitigation.
3. The most frequently spoofed Header From field is the Display Name, for which there is currently no authentication mechanism. Visibility into Display Name spoofing is critical in identifying and responding to phishing attacks leveraging your brand.
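To make the 30%/70% split and tactics 2 and 3 concrete, here is an added example (not Return Path's code or data) that labels a Header From value as owned-domain spoofing, a cousin domain, or display name spoofing, and counts reused subject lines. The brand token, domains, and sample messages are constructed assumptions.

```python
from collections import Counter
from email.utils import parseaddr

# Assumptions for this example: the brand token and the domains it controls.
BRAND = "examplebank"
OWNED_DOMAINS = {"examplebank.com"}
# Fold common digit-for-letter swaps before matching look-alike domains.
FOLD = str.maketrans("01", "ol")

def _norm(text):
    """Lowercase, drop non-alphanumerics, fold look-alike digits."""
    return "".join(c for c in text.lower() if c.isalnum()).translate(FOLD)

def classify(from_header, dmarc_pass):
    """Label one Header From value by how it uses the brand."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    owned = any(domain == d or domain.endswith("." + d) for d in OWNED_DOMAINS)
    if owned:
        # Only this case is covered by DMARC on the brand's own domains.
        return "legitimate" if dmarc_pass else "owned-domain-spoof"
    if BRAND in _norm(domain):
        # A look-alike domain can pass DMARC: its sender controls it.
        return "cousin-domain"
    if BRAND in _norm(display):
        return "display-name-spoof"
    return "unrelated"

# Constructed sample: (Header From, DMARC result, subject).
SAMPLES = [
    ('"Example Bank" <alerts@examplebank.com>', True, "Your statement is ready"),
    ('"Example Bank" <alerts@examplebank.com>', False, "Unauthorized login attempt"),
    ('Example Bank <support@examp1ebank-secure.net>', True, "Unauthorized login attempt"),
    ('"Example Bank Security" <x9@mail.invalid>', True, "Unauthorized login attempt"),
    ('Newsletter <news@shop.invalid>', True, "Weekly deals"),
]

def summarize(samples):
    """Count labels and the subject lines reused across suspicious messages."""
    labels, subjects = Counter(), Counter()
    for from_header, dmarc_pass, subject in samples:
        label = classify(from_header, dmarc_pass)
        labels[label] += 1
        if label not in ("legitimate", "unrelated"):
            subjects[subject] += 1
    return labels, subjects

if __name__ == "__main__":
    labels, subjects = summarize(SAMPLES)
    print(dict(labels), subjects.most_common(1))
```

Substring matching on the brand token is deliberately coarse; in practice the hits feed an analyst queue rather than an automatic block.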
It’s time to unite against email fraud… And here are some of the leading brands out there at the forefront of this initiative (next slide)
Security understands the risks, but Marketing and Sales executives must be shown how this affects the real bottom line.
This impacts revenue, market share and partnership opportunities, to name a few.
Reduced effectiveness: Once they have been harmed by something tied to your brand, customers are afraid to open anything that comes from you. All of the work you put into crafting an effective message is wasted if they refuse to open it. This can be especially bad for seasonal promotions. The bad guys know you’ll be sending out special promotions, so they’ll send their own versions to trick people. Word gets out about a scam and people won’t open your promotional notes during the key period. This also skews your metrics, because you don’t get a good sample of “regular” customer reactions to a campaign.
Customers now have a bad feeling tied to your brand. Even if their head accepted the explanation that something was really not from you, their gut has a twinge when they see your brand. When they’re shopping next time, that will impact their mindset. Maybe they’ll try another brand. (Google, Orbitz, Kayak searches)
It's not just lower revenue. There are hidden added costs of dealing with reversing fraudulent purchases, resetting customer accounts, resolving customer issues.
Also - It's not just about business. You don't want anyone using the power of your brand to trick people.