IT Security

The cost of phishing

by Mark Rowe

Email drives marketing leads, conversions, and revenue, but it’s also the weapon of choice for cybercriminals around the world. New research from Return Path suggests that the damage caused by email fraud goes far beyond the immediate impact to a brand’s reputation. Return Path’s Phishing: The Cost of Doing Nothing for Marketers demonstrates how phishing and spoofing attacks erode consumer trust, compromise the performance of legitimate email campaigns, and ultimately reduce marketing ROI.

According to the report:

Phishing has real, direct costs. The average large company (defined as 10,000+ employees) spends $3.7 million annually to recover from phishing attacks, including lost productivity, customer service, and regulatory fines.

Phishing damages engagement. Subscribers are less likely to trust a brand following a phishing attack. The report finds that when negatively impacted, average read rates dropped by up to 18 percentage points at Gmail and 11 percentage points at Yahoo.

Phishing impacts deliverability. Following a phishing attack, mailbox providers are more likely to flag legitimate email as spam. Research shows that when negatively impacted, average inbox placement rates dropped by up to 10 percentage points at Gmail and 7 percentage points at Yahoo.

Estelle Derouet, VP Marketing, Email Fraud Protection at Return Path said: “The immediate cost of phishing is staggering, but the bigger impact comes from loss of trust. If your brand reputation is damaged by email fraud, customers won’t open your emails and mailbox providers may not deliver your messages to the inbox. When that happens, you’ve lost a revenue opportunity—both now and in the future.”

While marketers understand the threat that email fraud poses, few brands are taking the necessary steps to fight back. Return Path’s research shows that 81 percent of marketers would be concerned or very concerned if customers received a malicious email that appeared to come from their brand. Yet only 32 percent of marketers say that securing the email channel is a top priority in 2016. According to the report, marketers are ill-equipped to fight phishing even if they want to. A full 76 percent of survey respondents say they have little to no visibility into email attacks on their brand.

Derouet added: “Email security is everyone’s responsibility. As guardians of the brand and owners of the email channel, it’s time for marketers to join the fight against email fraud—and for CMOs to prioritise customer security.”

Major mailbox providers like Google and Microsoft are taking action to crack down on companies that fail to follow best practices for email security. As of February 2016, Google is flagging emails that fail authentication by replacing company avatars with a red question mark, thereby removing the guesswork for their end users. Similarly, Microsoft now inserts a red safety notification at the top of known phishing messages and any message that fails authentication. When consumers see these warnings, they are less likely to engage with both the individual email and the brand that sent it.

Derouet said: “When it comes to phishing, email authentication standards like SPF, DKIM, and DMARC are no longer optional. They are essential best practices for ensuring that legitimate email won’t be treated like spam. Any company not proactively securing their email channel today risks losing not only priceless brand loyalty but also marketing-generated revenue.”

Phishing: The Cost of Doing Nothing for Marketers can be found here.

Visit www.returnpath.com/StopEmailFraud.

© 2024 Professional Security Magazine. All rights reserved.