Online Businesses Could Do More to Protect Their Reputations and Prevent Phishing Schemes That Target Consumers
According to a recent study released by the Federal Trade Commission's (FTC) Office of Technology Research and Investigation (OTech), most major online businesses are using proper email authentication technology to prevent phishing emails, but few of these businesses are taking full advantage of the latest technologies to combat phishing scams.
Phishing is a type of online scam that targets consumers by sending them an email that appears to be from a well-known source such as an internet service provider, a bank, or a mortgage company. It asks the consumer to provide personal identifying information, and then the scammer uses the information to open new accounts or invade the consumer's existing accounts.
Specifically, the OTech study found that 86 percent of the major online businesses it studied are using Sender Policy Framework (SPF), an email authentication technology that enables Internet Service Providers (ISPs) to determine whether email messages claiming to be from a particular business are actually coming from that business.
Fewer than 10 percent of the businesses that OTech studied, however, have implemented a supplemental technology, known as Domain-based Message Authentication, Reporting & Conformance (DMARC), in a manner that would allow the businesses to receive intelligence on potential email spoofing attempts and instruct ISPs to automatically reject any unauthenticated messages that claim to be from the businesses' email addresses.
By using DMARC to instruct receiving ISPs to reject unauthenticated messages, OTech says that online businesses could further combat phishing by keeping these scam emails from showing up in consumers' inboxes.
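To make the distinction concrete, the following added example (not part of the OTech study or the original article) classifies a domain by whether it publishes SPF, whether its DMARC record asks for reports, and whether the policy tells receivers to reject. The domains, DNS records and function names are constructed for illustration.

```python
# Added example. Every domain and TXT record below is a constructed sample.

def parse_tags(record):
    """Split a 'tag=value; tag=value' DMARC record into a dict keyed by tag."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def has_spf(domain_txt):
    """SPF lives in a TXT record at the domain itself, starting with v=spf1."""
    return any(r.strip().lower().split(" ")[0] == "v=spf1" for r in domain_txt)

def dmarc_posture(dmarc_txt):
    """Return (policy, receives_reports) from the TXT records at _dmarc.<domain>."""
    records = [t for t in map(parse_tags, dmarc_txt) if t.get("v") == "DMARC1"]
    if len(records) != 1:  # no record, or several: receivers apply no DMARC policy
        return None, False
    tags = records[0]
    reports = tags.get("rua", "").lower().startswith("mailto:")
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        # RFC 7489: a missing or invalid p= is treated as p=none only when
        # a reporting address is present; otherwise the record is ignored.
        policy = "none" if reports else None
    return policy, reports

def classify(domain_txt, dmarc_txt):
    """Summarise SPF presence, DMARC reporting, and whether spoofed mail is rejected."""
    policy, reports = dmarc_posture(dmarc_txt)
    return {"spf": has_spf(domain_txt), "dmarc_policy": policy,
            "receives_reports": reports,
            "rejects_unauthenticated": policy == "reject"}

SAMPLES = {  # domain: (TXT at domain, TXT at _dmarc.domain)
    "shop.example": (["v=spf1 include:_spf.mail.example -all"], []),
    "bank.example": (["v=spf1 ip4:192.0.2.0/24 -all"],
                     ["v=DMARC1; p=none; rua=mailto:dmarc@bank.example"]),
    "pay.example": (["v=spf1 ip4:198.51.100.7 -all"],
                    ["v=DMARC1; p=reject; rua=mailto:dmarc@pay.example"]),
}

if __name__ == "__main__":
    for domain, (domain_txt, dmarc_txt) in SAMPLES.items():
        print(domain, classify(domain_txt, dmarc_txt))
```

Only the third sample domain both receives spoofing reports and instructs receivers to reject unauthenticated mail; the second monitors without enforcing, and the first has SPF alone.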
Read the full OTech study here.