Two cybersecurity companies, Agari and Farsight Security, published a report that revealed that 90% of brands fall prey to domain name fraud. At the same time, Farsight Security discovered that 99% of the sites in its study didn’t use DMARC, an important email authentication protocol that Gmail and some governments have already deployed for their email systems to lower email fraud and phishing attempts.

DMARC - Important Against Domain Spoofing

Without DMARC authentication, malicious actors can impersonate legitimate companies in the emails they send as spam to internet users. The users would see the “sender email” as a legitimate-looking email address, such as “email@paypal.com,” even though the email would have nothing to do with PayPal, in this case.


Additional Findings

The research by Agari and Farsight Security found that healthcare is the most targeted industry by phishers right now. Over 92% of healthcare domains have been targeted by domain name spoofing. In fact, the majority of emails (58%) that appear to be sent by healthcare companies are actually sent by malicious actors. This not only endangers patients, but also lowers their trust in healthcare providers in general. Only between 10% and 20% of the healthcare companies use DMARC authentication for their domains.

The research also found that the government sector is the second most attacked industry, with 87% of the domains being targeted. Over 12% of the emails that appear to be sent by the U.S. government are malicious, which is significantly higher than the global average of 3%.