Using Return Path Data to Protect Your Brand: Security Breakout Session - London
1. #RPWT
Agenda:
Opening Remarks
3:00 - 3:45 Guest Speaker: Sara Murray, Entrepreneur & Founder of confused.com & Buddi
3:45 - 4:15 Keynote: Little Data, Big Decisions: The Path to Data Enlightenment
4:15 - 4:45 Real Data, Real Results: Customer Showcase & Panel Discussion
4:45 - 5:00 Coffee break
5:00 - 5:45 Using Return Path Data to Promote Your Brand: Marketing/Research Breakout Session
5:00 - 5:45 Using Return Path Data to Protect Your Brand: Security Breakout Session
5:45 - 7:00 Networking and cocktails. Please join us as we wrap up the day!
Speakers: Scott Roth, Chief Marketing Officer, Return Path; Guy Hanson, Sr. Director, Professional Services, Return Path; Rob Holmes, General Manager, Email Fraud Protection, Return Path
2. Using Return Path Data to Protect Your Brand
Security Breakout Session
Rob Holmes, General Manager, Email Fraud Protection
3. Agenda
• Email fraud trends and impact
• The power of data: email threat intelligence
• The Return Path Data Cloud
• Tactics used by cybercriminals today
• Unite against email fraud: tips for defending your customers, brand, and bottom line
• Questions
6. …But Its Impact Is Being Eroded
• 5 out of 6 big companies are targeted with phishing attacks
• Phishing costs brands worldwide $4.5 billion each year
• RSA identifies a phishing attack every minute
• Email fraud has up to a 45% conversion rate
Source: http://www.emc.com/emc-plus/rsa-thought-leadership/online-fraud/index.htm
7. Phishing Leads To Revenue Losses
• Reduced effectiveness of email
  • ISPs don’t know what to trust
• Reduced trust in brand
  • Subscribers don’t know what to trust
Customers are 42% less likely to interact with a brand after being phished or spoofed.
9. “If you boil the jobs down of IT security professionals, they are ultimately tasked with protecting the brand… If you have a breach, research suggests that 60% of your customers will think about moving and 30% actually do.”
Bryan Littlefair, Global Chief Information Security Officer, Aviva
12. Anatomy Of A Phishing Email
Sample message shown on the slide:
to: You <you@yourdomain.com>
from: Phishing Company <phishingcompany@spoof.com>
subject: Unauthorized login attempt
Dear Customer,
We have recieved noticed that you have recently attempted to login to your account from an unauthorized device.
As a saftey measure, please visit the link below to update your login details now:
http://www.phishingemail.com/updatedetails.asp
Once you have updated your details your account will be secure from further unauthorized login attempts.
Thanks,
The Phishing Team
[1 attachment]
Techniques called out on the slide:
• Making an email look legitimate by spoofing the company name in the “Display Name” field.
• Tricking email servers into delivering the email to the inbox by spoofing the “envelope from” (Return-Path) address, which is hidden in the technical header of the email and is the address SPF actually checks.
• Including logos, company terms, and urgent language in the body of the email.
• Making an email appear to come from a brand by using a legitimate company domain, or a domain that looks like it, in the “from” field.
• Creating convincing subject lines to drive recipients to open the message.
• Including links to malicious websites that prompt users to give up credentials.
• Including attachments containing malicious content.
15. Knowledge Is Your Best Defense
• We know there is no silver bullet.
• But defense starts with understanding.
• Data is the key to that understanding.
16. Breadth, Depth, and Speed
[Slide shows app logos: Contactually, Molto, Paribus, GetAirHelp, Message Finder, Unsubscriber, Organizer]
17. Email Threat Data and Email Threat Intelligence
Email threat data:
· Consumer inbox data
· Email delivery data
· Authentication results
· Message-level data
· Spam trap & complaints data
Email threat intelligence:
· Domain-spoofing alerts
· Brand-spoofing intelligence
· Suspicious activity map
· Fraudcaster URL feed
· Sender Score: IP reputation
18. Email Fraud: Primary Attack Vectors
• Domain Spoofing (from domains owned by the brand), e.g. phish@company.com
• Brand Spoofing (from domains outside the brand’s control), e.g. company@phish.com
19. 30% of Attacks Spoof Domains You Own
30% Domain Spoofing (domains you own):
• Active emailing domains
• Non-sending domains
• Defensively-registered domains
70% Brand Spoofing (domains you do not control):
• Cousin domains
• Display name spoofing
• Subject line spoofing
• Email account spoofing
Source: Return Path / APWG White Paper, 2014
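The anatomy slide and the 30/70 split above list the signals that separate the two attack vectors. The following is an added example, not Return Path code or product logic: a small Python classifier that reads a raw message, puts it in one of the two buckets on the slide (header From in a domain the brand owns, or brand spoofing from somewhere else) and flags the individual tricks: display-name spoofing, cousin domains, the brand name in the local part (company@phish.com), an envelope sender that differs from the header From, and an urgency-laden subject. The brand name "company", its owned domains, the look-alike substitution table and the four sample messages are all constructed for illustration.

```python
import email
import re
from email.utils import parseaddr

# Hypothetical brand and the domains it actually owns (the talk's example was hsbc.com).
BRAND = "company"
OWNED_DOMAINS = {"company.com", "mail.company.com"}

# Substitutions that make look-alike labels comparable to the brand name.
LOOKALIKES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"), ("-", ""))

URGENCY = re.compile(r"\b(urgent|unauthori[sz]ed|verify|suspend(ed)?|locked)\b", re.I)


def normalize(text):
    """Lower-case and fold common homoglyph/punctuation tricks."""
    text = text.lower()
    for bad, good in LOOKALIKES:
        text = text.replace(bad, good)
    return text


def levenshtein(a, b):
    """Edit distance; catches one-character typo-squats such as companv.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_cousin_domain(domain):
    """Domain outside the brand's control that imitates the brand name: typo-squats,
    homoglyphs (c0mpany.com), brand-plus-words (company-secure.com) and brand-as-subdomain
    (company.com.evil.net). Naive: no public-suffix list."""
    if not domain or domain in OWNED_DOMAINS:
        return False
    for label in domain.split(".")[:-1]:  # every label except the TLD
        n = normalize(label)
        if BRAND in n or levenshtein(n, BRAND) <= 1:
            return True
    return False


def classify(raw):
    """Classify one raw RFC 5322 message by the attack vectors on the slide."""
    msg = email.message_from_bytes(raw)
    display, addr = parseaddr(msg.get("From", ""))
    local, _, from_domain = addr.rpartition("@")
    from_domain = from_domain.lower()
    _, envelope = parseaddr(msg.get("Return-Path", ""))
    env_domain = envelope.rpartition("@")[2].lower()

    findings = []
    if from_domain in OWNED_DOMAINS:
        # The 30%: header From claims a domain the brand owns. Only SPF/DKIM/DMARC
        # results can separate this from legitimate mail; that is what DMARC is for.
        vector = "owned_domain"
    else:
        # The 70%: the brand is imitated without using its domains.
        vector = "brand_spoofing"
        if is_cousin_domain(from_domain):
            findings.append("cousin_domain")
        if BRAND in normalize(display):
            findings.append("display_name")
        if BRAND in normalize(local):  # company@phish.com
            findings.append("local_part")
    if env_domain and env_domain != from_domain:
        # Envelope sender differs from header From. Legitimate ESP mail does this
        # too, so it is a signal to correlate, not a verdict on its own.
        findings.append("envelope_from_mismatch")
    if URGENCY.search(msg.get("Subject", "")):
        findings.append("urgent_subject")
    return {"vector": vector, "from_domain": from_domain, "findings": findings}


# Constructed samples, not captured mail.
SAMPLES = {
    "display_name": (b"Return-Path: <bounce@mail-notify.net>\r\n"
                     b"From: \"Company Security\" <alerts@mail-notify.net>\r\n"
                     b"Subject: Unauthorized login attempt\r\n\r\nDear Customer, ...\r\n"),
    "cousin": (b"Return-Path: <support@c0mpany-secure.com>\r\n"
               b"From: support@c0mpany-secure.com\r\n"
               b"Subject: Please verify your details\r\n\r\n...\r\n"),
    "owned": (b"Return-Path: <x@phish.example>\r\n"
              b"From: Company <security@company.com>\r\n"
              b"Subject: Account suspended\r\n\r\n...\r\n"),
    "local_part": (b"Return-Path: <company@phish.com>\r\n"
                   b"From: company@phish.com\r\n"
                   b"Subject: Your statement\r\n\r\n...\r\n"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
```

The "owned_domain" bucket is deliberately left unresolved: a header From in your own domain is either legitimate mail or the 30% that authentication (SPF, DKIM, DMARC) exists to block, and nothing in the headers alone can tell you which. The cousin-domain check is the part you would tune against your own brand names and a public-suffix list before relying on it.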
21. #1: Authenticate Your Email
DMARC (Domain-based Message Authentication, Reporting & Conformance):
• Technical specification created to help reduce the potential for email-based abuse (www.dmarc.org)
• Prevents domain-based spoofing: with an enforcing policy (p=quarantine or p=reject), receivers that honour DMARC quarantine or reject mail that claims one of your domains in the From header but fails both SPF and DKIM with alignment
• Provides a threat reporting mechanism: aggregate reports (rua) and forensic/failure reports (ruf), so you can see who is sending as your domains
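To make the slide's three bullets concrete, here is an added example, not Return Path code and not a reference implementation of the standard: a Python sketch of what a receiving mail server does with a DMARC record for one message. It parses the TXT record with its defaults, discovers the policy (exact From domain first, then the organizational domain so that the subdomain policy sp applies), checks SPF and DKIM alignment in relaxed or strict mode, and returns the action the policy asks for plus where the aggregate report goes. The domains company.com and weakbrand.example, their records and the scenarios are constructed; the weak p=none record is included beside the enforcing one to show that monitoring-only records report but never block.

```python
"""DMARC policy discovery and evaluation for one message, as a receiver would do it."""

# Constructed DNS TXT records standing in for live _dmarc lookups (hypothetical domains).
DNS_TXT = {
    "_dmarc.company.com": (
        "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; pct=100; "
        "rua=mailto:dmarc-agg@company.com; ruf=mailto:dmarc-fail@company.com"
    ),
    # Monitoring-only record: reports arrive, but nothing is blocked.
    "_dmarc.weakbrand.example": "v=DMARC1; p=none; rua=mailto:dmarc@weakbrand.example",
}


def parse_dmarc(txt):
    """Split a DMARC TXT record into tags and apply the RFC 7489 defaults."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a DMARC1 record with a policy tag")

    def uris(tag):
        return [u.strip() for u in tags.get(tag, "").split(",") if u.strip()]

    return {
        "p": tags["p"].lower(),
        "sp": tags.get("sp", tags["p"]).lower(),  # subdomain policy defaults to p
        "adkim": tags.get("adkim", "r").lower(),  # 'r' relaxed / 's' strict alignment
        "aspf": tags.get("aspf", "r").lower(),
        "pct": int(tags.get("pct", "100")),
        "rua": uris("rua"),  # aggregate report destinations
        "ruf": uris("ruf"),  # failure ("forensic") report destinations
    }


def org_domain(domain):
    """Organizational domain, naively the last two labels. A real receiver uses the
    Public Suffix List so that bank.co.uk is not collapsed to co.uk."""
    return ".".join(domain.lower().split(".")[-2:])


def discover_policy(from_domain, dns=DNS_TXT):
    """RFC 7489 policy discovery: exact From domain first, then the org domain."""
    txt = dns.get("_dmarc." + from_domain.lower())
    if txt:
        return parse_dmarc(txt), False
    txt = dns.get("_dmarc." + org_domain(from_domain))
    if txt:
        return parse_dmarc(txt), True  # True: the subdomain policy (sp) applies
    return None, False


def aligned(auth_domain, from_domain, mode):
    """Identifier alignment between an SPF/DKIM domain and the header From domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def evaluate(from_domain, spf=("none", None), dkim=("none", None), dns=DNS_TXT):
    """spf and dkim are (result, authenticated domain): SPF's MAIL FROM domain and
    DKIM's d= tag. Returns the DMARC result and the action the policy asks for."""
    record, use_sp = discover_policy(from_domain, dns)
    if record is None:
        return {"dmarc": "none", "action": "none", "reason": "no DMARC record"}
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain, record["aspf"])
    dkim_ok = dkim[0] == "pass" and aligned(dkim[1], from_domain, record["adkim"])
    if spf_ok or dkim_ok:
        return {"dmarc": "pass", "action": "none", "spf_aligned": spf_ok, "dkim_aligned": dkim_ok}
    return {
        "dmarc": "fail",
        "action": record["sp"] if use_sp else record["p"],
        "spf_aligned": spf_ok,
        "dkim_aligned": dkim_ok,
        "report_to": record["rua"],  # the brand learns of the attempt from the aggregate report
    }


if __name__ == "__main__":
    # Attacker sends From: security@company.com through its own server; SPF passes
    # for phish.example, but that is not aligned with company.com, so: reject.
    print(evaluate("company.com", spf=("pass", "phish.example")))
    # Legitimate ESP mail: bounce domain is a subdomain, relaxed SPF alignment passes.
    print(evaluate("company.com", spf=("pass", "bounce.company.com")))
    # Subdomain with no record of its own: sp=quarantine applies; strict DKIM fails.
    print(evaluate("mail.company.com", dkim=("pass", "company.com")))
    # The same spoof against a p=none domain: reported, but delivered.
    print(evaluate("weakbrand.example", spf=("pass", "phish.example")))
```

The third scenario is the one that bites brands in practice: adkim=s with mail sent from a subdomain, or a non-sending subdomain with no record, silently inherits sp, so the "Non-Sending Domains" bullet on slide 19 is worth a record of its own (p=reject) rather than relying on the org-domain fallback.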
22. “Simply put, the DMARC standard works. In a blended approach to fight email fraud, DMARC represents the cornerstone of technical controls that commercial senders can implement today to rebuild trust and retake the email channel for legitimate brands and consumers.”
Edward Tucker, Head of Cyber Security, Her Majesty’s Revenue & Customs
23. #2: Leverage Email Threat Intelligence
• Addressing the 70% of email attacks that spoof your brand using domains your company does not own requires email threat intelligence.
• Get visibility into all types of email threats targeting you today.
25. #3: Educate Your Customers
• The reality is, some attacks are always going to get through.
• The more prepared your customers are, the better.
• Create an educational website
• Include anti-fraud language within your legitimate email
• In the event of an attack, warn your customers immediately
26. #4: Raise Awareness with Top Executives
• Engage with Brand Protection teams to make the business case.
• Create a sense of urgency.
• Communicate the risks that result from not taking action:
  • Email fraud destroys brand reputation and erodes customer loyalty
  • Email fraud thwarts email marketing effectiveness
  • Email fraud negatively impacts revenue
Value to businesses
Email is a very valuable marketing medium for businesses for all of the above reasons (low cost, effectiveness, scale, format), but it’s also effective for fraudsters for the same reasons.
Every day, beyond your control, cybercriminals send emails that spoof your brand, targeting your customers, partners, and suppliers with malicious content.
Email fraud continues to grow (50% YoY growth in the volume of email attacks, based on APWG data) and, in spite of the recent shutdowns of larger botnets, phishing shows no sign yet of abating, with more than 400 brands phished each month (Anti-Phishing Working Group).
Two biggest trends:
an increase in the volume of attacks and
an increase in the sophistication.
Phishing is an old problem, and it’s not going away, so let’s look at the way it is impacting businesses today.
#1 – Phishing Is Making Headlines and Is Destroying Reputations
Some of the most respected brands out there are making the headlines: Amazon, Home Depot, Booking.com and, more recently, US health insurer giant Anthem.
Here is a great quote from Aviva’s CISO Bryan Littlefair on why it is the CISO’s responsibility to protect the brand, in collaboration with Marketing.
#2 – Phishing Is Losing Companies Millions in Hard Costs
Fraud losses
Malware infection (secondary damages/losses)
Investigation
Remediation
#3 – Phishing Is Impacting Revenue
Email fraud has a dramatic impact on the trust your customers have in your brand.
It also reduces the effectiveness of email that is legitimate. A great data point from Cloudmark here: customers are 42% less likely to interact with a brand after being phished or spoofed.
So, we all recognise that it’s an old problem and most of us know that it hurts our business. And yet many companies we speak to still struggle to justify investment in solutions, leaving their brands and their customers vulnerable. I believe that’s because, in the first place, measuring the impact is difficult: tying fraud losses and expenses back to specific activities is difficult, and quantifying the value of brand integrity has always proved elusive.
Okay, so let’s talk now about solving the problem. Prior to working at Return Path, I worked in the brand & fraud protection industry for 10 years. And, during those 10 years, I watched the evolution and growth of the problem space and observed the stagnation of innovation.
If you have to explain this to marketing, this graphic frames it in security and technical terms: look at the points an attacker can hit in order to break through. It is not just the Friendly From (the display name); there are different ways email can be abused, and that is what is highlighted here. This fits with the email-advantages slide.
97% of people globally cannot correctly identify a sophisticated phishing email.
And there is a plethora of ways fraudsters can spoof your identity…
Can you spot the spoof? (Chances are you can.)
Now... are you confident YOUR CUSTOMERS can?
The simple answer is no. So this is why it is critical that you use the right data to shine a light on all the types of email threats that are targeting your brand today.
Show of hands if you think that the majority of the email threats against your brand spoof domains under your control? In other words, what percentage of attacks come from a legitimate hsbc.com domain?
So what are we saying? Well, at the risk of sounding obvious, knowledge is your best defense.
With such a complex threat landscape, you need breadth, depth and speed when it comes to email threat intelligence, and this is what we mean by it: data from mailbox providers, data from security vendors, and data from consumer inboxes, to give you a complete picture of all the threats spoofing your domains (under your control) and your brand (outside your control).
Powered by the Return Path Data Cloud, our proprietary email threat intelligence empowers you to identify threats beyond DMARC, so you can respond to the 70% of email attacks spoofing your brand from domains that you do not control.
We use over 100 data feeds from more than 70 providers to detect, classify and analyze data relating to over 6 billion emails every day.
Now imagine having this data available to your teams so you can detect, block and respond to email threats in real time.
DMARC is a great first step, but it’s not a complete solution: on its own it addresses only the 30% of email threats that spoof domains you own, and threat intelligence drawn from the Return Path Data Cloud is what lets you see the attacks beyond DMARC.
With Email Threat Intelligence, you can:
Get insight into email threats coming from domains that your company does not own (e.g. cousin domains, display name spoofing, subject line spoofing).
View redacted message-level samples of fraudulent emails targeting your brand.
Identify phishing URLs embedded in fraudulent emails and inform your takedown vendor(s).
Integrate intelligence into your existing systems through a RESTful API.
Manage all Email Governance and Email Threat Intelligence alerts from a single portal.
Fraudsters will target your brand in two ways: by spoofing your domains, or by spoofing your brand in other ways.
Both attack vectors are critical and you need visibility into all attacks, which is why it is important to have access to the RIGHT data.
We ran some primary research in September 2014, looking at 18 billion suspicious emails targeting 11 banks in the UK and the US.
And what did we discover?
30% of the attacks came from an email address on a domain that was owned by the bank.
That leaves 70% that were spoofed in some other way, such as display name spoofing. This is REALLY relevant to our solution, because we seek to address both: the 30% and the 70%.
We analysed 40 of the top global brands for a period of two months (July/August 2015) and looked at fraudulent emails in the 70% covered here, i.e. those sent from domains the brand does not own.
These are some of the tactics we were able to uncover thanks to email threat data:
1. Snowshoeing (spreading sends across many IPs and domains so that no single source builds up a bad reputation) is still rife, and monitoring IP reputations needs to be part of a multi-faceted email fraud protection strategy.
2. Fraudsters do not go to the trouble of rotating elements of their subject lines, preferring a more template-based approach. Access to message-level data from email threat intelligence sources should help you prioritize your efforts around attack mitigation.
3. The most frequently spoofed Header From field is the Display Name, for which there is currently no authentication mechanism. Visibility into Display Name spoofing is critical in identifying and responding to phishing attacks leveraging your brand.
It’s time to unite against email fraud… And here are some of the leading brands out there at the forefront of this initiative (next slide)
Security understands the risks, but Marketing and Sales executives must be shown how this affects the real bottom line.
This impacts revenue, market share and partnership opportunities, to name a few.
Reduced effectiveness: once they have been harmed by something tied to your brand, customers are afraid to open anything that comes from you. All of the work you put into crafting an effective message is wasted if they refuse to open it. This can be especially bad for seasonal promotions. The bad guys know you’ll be sending out special promotions, so they’ll send their own versions to trick people. Word gets out about a scam and people won’t open your promotional notes during the key period. This also skews your metrics, because you don’t get a good sample of “regular” customer reactions to a campaign.
Customers now have a bad feeling tied to your brand. Even if their head accepted the explanation that something was really not from you, their gut has a twinge when they see your brand. When they’re shopping next time, that will impact their mindset. Maybe they’ll try another brand. (Google, Orbitz, Kayak searches)
It's not just lower revenue. There are hidden added costs of dealing with reversing fraudulent purchases, resetting customer accounts, resolving customer issues.
Also - It's not just about business. You don't want anyone using the power of your brand to trick people.