Case study
  • 8 minutes read

Protecting customers and employees from fraudulent email. Maintaining brand trust and credibility.

“Organizations must ensure they invest effectively to protect against an ever-evolving and expanding threat landscape.”

– Meagan Burnett, Chief Operating Officer

Blurry Background Image

Financial service provider in South Africa, focused on investment excellence

275bn

Assets under management

150

Employees

50.12%

M&G plc shareholder

One of South Africa's top 10 largest investment managers

Offices in:

Johannesburg - South Africa
Cape Town - South Africa
Durban - South Africa
Port Elizabeth - South Africa
Windhoek - Namibia

Financial services companies are a favorite target for cybercriminals because they hold vast amounts of personal and financial information and are involved in moving large amounts of money on a daily basis. Protecting themselves, their customers and employees from attacks is a priority to avoid financial and reputational damages.

Across the financial services sector, businesses, employees and customers are using email as an important communication tool, making email risk high in this sector. Securing and safeguarding email communication is critical for companies so that customer trust and credibility are maintained.

Financial services companies face persistent email threats on a daily basis that are both customer-targeted and employee-targeted attacks. Impersonation, phishing, spoofing and business email compromise are just some of the methods cybercriminals are using, hijacking the name of a brand and/or an employee, to trick the email recipient into sharing information or even making money transfers straight to a criminal.

Organizations must put suitable measures  in place to ensure emails using their brand identity are the real thing, and all fake emails never see the light of day. Prudential has a legal, ethical and moral responsibility to protect its significant customer base and employees, from email fraud and their information being compromised.

Prudential turned to Sendmarc to put in place the highest level of protection and safeguarding of the company name, so that email fraudsters could not illegally and illegitimately use it for their own gain. Their priority was for their customers and employees to feel safe that communication purporting to be from Prudential was in fact from them. Trust in communication from Prudential was critical.

Prudential’s requirements

Full protection

Full protection of its customers and employees from being targeted by fraudsters illegitimately using the Prudential name.

Legitimate email

Only legitimate email bearing the Prudential name reaches a customer’s or employee’s inbox.

POPIA compliance

Compliance with POPIA requirements to take every measure to safeguard customer information.

Visibility into email environment

Have visibility into their entire email environment and be able to manage all legitimate and illegitimate emails using the company’s name.

Email delivered as intended

All legitimate outbound email reaches its intended destination.

Business as usual

No disruption to the current email environment, with no user or business impact.

Protected within 90 days

Protected state and highest level of security, i.e. p=reject, within 90 days.

Technical expertise

Provider who understands the technicalities of the entire email application and infrastructure layers.

Holistic perspective

Provider who looks holistically at the environment and can work with other service providers.

Complexities of the Prudential’s environment

  • Multiple providers of email services
  • Multiple providers of infrastructure services related to email
  • No single-point accountability for entire email ecosystem
  • No single view or reporting of email real estate
  • Multiple security protocols across infrastructure and application email services
  • Different standards, protocols and policies applied to inbound and outbound emails

Technical solution

DMARC: Domain-based Messaging Authentication, Reporting and Conformance

Results achieved with Sendmarc solutions

  • Achieved p=reject within 90 days
  • Only legitimate emails with Prudential name delivered to an inbox
  • All illegitimate emails blocked
  • Email environment monitored and continual refinement as environment grows
  • Proactively protected against and prevented phishing, impersonation and spoofing attacks
  • All inbound and outbound email working from all email service providers, with correct configurations
  • POPIA compliant with highest security and safeguarding levels of customer information
  • Trust and confidence in Prudential branded email
Share

Latest case studies

All case studies
Sendmarc And System 5
  • 12 minutes read
System 5 Logo
System 5 and Sendmarc: A DMARC partnership built on trust and value
Read more
Growthpoint Properties
  • 5 minutes read
Growthpoint Properties Logo
Cybersecurity in real estate: Growthpoint achieves DMARC enforcement
Read more
Mr Price Group Case Study
  • 5 minutes read
Mr Price Group Ltd
How Mr Price Group curbed spoofing with a DMARC reject policy
Read more