Preventing phishing emails: Are we missing the point?

Fraudulent emails, sent by someone pretending to be legitimate in order to trick you into divulging personal details like banking details or passwords, are nothing new. But despite how familiar we have become with the concept, email phishing continues to increase with each passing year.

The concept of email phishing

It happens all over the globe, not just in South Africa, and results in losses of hundreds of millions of Rands every year. Recently, Carte Blanche published a special report on phishing, and African Bank has also released a similar analysis describing this growing problem, which puts companies at huge risk of losing not just money but personal data related to their businesses and employees as well.

Both articles present good information about changing user behaviour in order to prevent potential phishing and/or spoofing attacks. But from a broader perspective, are we missing the point, in that there are well-defined technical ways of preventing these attacks in the first place?

As the old adage says, prevention is better than cure, and what many businesses don’t realise is that there are technical solutions that can prevent fraudulent emails from even being sent from their domains. If this is done properly, then educating employees about potential spoof emails becomes a secondary priority.

So, what are these technical solutions? The best current solution is implementing a DMARC policy on your domain. Full DMARC compliance will ensure that only legitimate, non-fraudulent senders are able to send email from your domain, and your business will stop attackers from sending illegitimate email from your domain.
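
To check where a domain stands on the way to the full DMARC compliance described above, the following added example (not Sendmarc's code) parses DMARC TXT records and grades how strongly they are enforced. The records are constructed samples for example.com, and the function names and grade labels are this example's own assumptions.

```python
# Added example: grade DMARC TXT records (published at _dmarc.<domain>) by enforcement.
# Tag names (v, p, sp, pct) follow RFC 7489; the grade labels are this example's own.

POLICIES = ("none", "quarantine", "reject")

def parse_dmarc(txt):
    """Return a tag -> value dict, or None if txt is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # The version tag must come first and is case-sensitive.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts:
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def grade(txt):
    """Classify a record as no-dmarc, invalid, monitor-only, partial or full-reject."""
    tags = parse_dmarc(txt)
    if tags is None:
        return "no-dmarc"
    p = tags.get("p", "").lower()
    sp = tags.get("sp", p).lower()   # subdomain policy defaults to p
    pct = tags.get("pct", "100")     # percentage of mail the policy applies to
    if p not in POLICIES or sp not in POLICIES or not pct.isdecimal() or int(pct) > 100:
        return "invalid"
    if p == "none":
        return "monitor-only"        # no action requested on failing mail
    if p == "reject" and sp == "reject" and int(pct) == 100:
        return "full-reject"
    return "partial"                 # quarantine, sampled pct, or weaker subdomain policy

# Constructed sample records, not real DNS data.
SAMPLES = [
    "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "v=DMARC1; p=quarantine; pct=25",
    "v=DMARC1; p=reject; sp=none",
    "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
    "v=spf1 include:_spf.example.com -all",
    "v=DMARC1; p=rejects",
]

if __name__ == "__main__":
    for record in SAMPLES:
        print(f"{grade(record):13} {record}")
```

A record graded `monitor-only` or `partial` still leaves room for spoofed mail from the domain or its subdomains to be delivered.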

 

On the flip side, you can be almost 100% certain that when you receive mail from another domain that is DMARC compliant, it almost definitely comes from that organisation. When it comes to phishing, it seems the user is almost always blamed. But while user behaviour is important, it’s certainly not the whole picture.

The fact that it’s actually possible to trust that the mail you received was sent by the actual organisation and not an attacker is a game-changer when it comes to the phishing epidemic. With the right technical solutions in place – such as DMARC compliance – you can avoid the whole issue altogether, which takes the pressure off educating your users.

At Sendmarc, our mission is to make sure companies know about the technical fixes available and implement them – and only then, worry about what their users are doing.
