SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
EasyDMARC reveals alarming rise in suspicious email activity
Fri, 22nd Dec 2023

Email security provider, EasyDMARC, has unveiled research indicating the increasing frequency of emails being marked as suspicious by email authentication techniques like DMARC, SPF and DKIM. Analysing various customer domains across different countries, the research revealed significant increases in identified threats.

During the first six months of 2021, around 10.21% of emails were flagged as suspicious by the email authentication tool. This figure rose to 17.73% for the same period in 2023, marking a notable 75% increase.

Projections indicate this figure will escalate to one in five emails by the close of 2023. Furthermore, EasyDMARC flagged 16,298 emails per domain as potential threats in the first half of 2022, and this rose by almost a quarter (24%) to 20,210 in 2023.

With Gmail and Yahoo set to strictly enforce DMARC protocols for mass email senders in February 2024, it is predicted other email providers may follow suit to combat the rising tide of phishing and spoofing emails.

New data from EasyDMARC has shed light on the growing threat of phishing, with the proportion of emails intercepted by DMARC software undergoing a height of over 7.5% from January 2022 to November 2023. The research was conducted across ten countries, monitoring the amount of emails intercepted by the DMARC technology. First released in 2012, DMARC is a standard that automatically flags and removes inbound emails impersonating sender domains to prevent phishing and spoofing attempts.

EasyDMARC discovered that of 2.5 billion emails sent across 15,440 domains between January and June 2022, over 250 million were flagged as domain impersonation attempts, accounting for 10.21%.

By the same period in 2023, that number had risen dramatically to over 769 million out of a total of 4.34 billion emails, resulting in a 75% rise and representing 17.73%. Early reports suggest that this percentage is set to increase to around 20% by the end of 2023.

The prevalent problem of phishing and cyber attacks of increasing complexity is putting a strain on employees and company leaders alike. The average cost of a cyber attack sits at $4.45 million globally, while the average click rate on phishing campaigns in 2021 was 17.8%. This highlights the pressing need for simple and effective security solutions.

EasyDMARC CEO and co-founder, Gerasim Hovhannisyan, commented on the situation, saying: "Impersonating email addresses and domains continues to be an alarmingly effective tactic used by cybercriminals to bypass cyber defences. The fact that EasyDMARC customers have seen a 70% proportional increase in potentially malicious emails highlights the urgent need for businesses to act."

Hovhannisyan suggests that adopting protocols like SPF, DKIM and DMARC to verify sender identities is one crucial way companies can protect themselves. "Though phishing presents a serious and ongoing danger, we can work together to tackle this growing threat with more vigilance, training and the right tools," he added.