DMARC & BIMI: The Ultimate Multi-tool Against Phishing and Ransomware

Email phishing is the dominant attack vector for cybercrime and ransomware worldwide. Hackers aren’t sneaking in through some backdoor; instead, they’re strolling in through the front thanks to insecure or misconfigured email systems and a lack of sufficient protocols.

But what are the measures businesses need to be putting in place to stop this, and how can the retail and hospitality sector ensure it’s making the right decisions for its email security infrastructure, protection of customer data, and business reputation?

What is DMARC, and why is it a must for the Retail and Hospitality sectors?

DMARC stands for Domain-based Message Authentication, Reporting, & Conformance. It’s an email authentication protocol that protects domains from exact impersonation. When it’s properly configured at p=reject, it uses existing security protocols SPF and DKIM to make sure that the emails sent using your domain are legitimate. This in turn stops hackers from impersonating your brand, phishing your supply chain, and damaging your reputation.

The consequences of impersonation attacks on the retail and hospitality industry can be devastating. Stolen money, while damaging, can usually be recovered or replaced. But stolen data and sensitive information can create far more serious problems for business health and reputational standing.

Large financial penalties, irreparable reputational damage, and loss of consumer confidence have all been known to spell disaster for retail firms in the past. This isn’t surprising, given that 81% of people need to be able to trust the brands they buy from[1], and 35% of people consider trust in a brand to be the most motivating factor to interact with it[2].

What does the current uptake of DMARC look like in the retail and hospitality sectors?

Currently, just 6% of the world’s top retailers are fully DMARC compliant[3], and this figure is only slightly higher for hospitality. This leaves a significant gap for cyber attackers to exploit in these data-rich sectors, which are brimming with customer information ready and waiting to be harvested. It’s now more important than ever that these companies take the most essential step to safeguard their assets, data, and reputation.

Does DMARC offer business benefits too?

As well as the obvious security advantages, DMARC has a host of benefits that make marketers happy and can ultimately improve a company’s bottom line. By implementing DMARC at p=reject, you’re actively stopping hackers from impersonating your brand, so recipient servers can be confident that your emails are from an authenticated source. Deliverability rates and domain reputation can also improve through the process of implementation, and it can positively impact inbox placement.

BIMI is a no-brainer for retail and hospitality businesses

Then of course there’s BIMI, Brand Indicators for Message Identification. This new standard – made generally available by Google in July and already in use at Yahoo and Fastmail – allows businesses to attach registered logos to DMARC authenticated emails using a VMC (Verified Mark Certificate).

This standard not only encourages the globalized adoption of DMARC (a prerequisite for its use), but it’s also been shown to improve how consumers interact with emails. In research carried out alongside our partner Entrust, we found that showing a registered logo in emails increased opens by 38%, trust in an email’s legitimacy by 90%, and brand recall by as much as 120%.

But perhaps most importantly, we found that consumer purchase likelihood was also positively affected by showing a registered logo in an email. In the US, a leading food delivery services brand with more than half the market share and no logo lost 24% of sales share. Meanwhile, the competitor who did display a logo gained 34%. BIMI is an all-round no-brainer for retail and hospitality businesses everywhere.
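The DMARC enforcement at p=reject and the BIMI prerequisite described above can both be checked mechanically from a domain's TXT records. The following Python is an added example, not code from the article's authors or from any DMARC or BIMI tool; it audits record strings offline, and the example.com records, the function names and the decision to flag a missing rua= tag are assumptions made for illustration.

```python
# Added example: offline audit of DMARC and BIMI TXT records (no DNS lookups).
def parse_tags(record):
    """Split 'tag=value; tag=value' into a dict with lowercased tag names."""
    tags = {}
    for part in record.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def audit_dmarc(record):
    """Return findings; an empty list means the domain is enforced at p=reject."""
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return ["no valid DMARC record (v=DMARC1 missing)"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy != "reject":
        findings.append(f"p={policy or 'missing'}: spoofed mail is not rejected")
    # sp inherits p when absent; a weaker sp leaves subdomains open to spoofing
    sp = tags.get("sp", policy).lower()
    if policy == "reject" and sp != "reject":
        findings.append(f"sp={sp}: subdomains are not covered by reject")
    # pct defaults to 100; anything lower applies the policy to only a sample
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) != 100:
        findings.append(f"pct={pct}: policy not applied to all mail")
    if "rua" not in tags:
        findings.append("rua missing: no aggregate reports to monitor senders")
    return findings

def audit_bimi(bimi_record, dmarc_record):
    """BIMI needs an enforced DMARC policy plus a logo (l=) and VMC (a=) URL."""
    findings = [f"DMARC: {f}" for f in audit_dmarc(dmarc_record)
                if not f.startswith("rua")]
    tags = parse_tags(bimi_record)
    if tags.get("v") != "BIMI1":
        return findings + ["no valid BIMI record (v=BIMI1 missing)"]
    for tag, what in (("l", "logo"), ("a", "VMC")):
        if not tags.get(tag, "").lower().startswith("https://"):
            findings.append(f"{tag}= must be an https URL to the {what}")
    return findings

# Constructed sample records for a hypothetical example.com
WEAK = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
STRONG = "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@example.com"
BIMI = "v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem"

if __name__ == "__main__":
    for name, rec in (("weak", WEAK), ("strong", STRONG)):
        print(name, audit_dmarc(rec), audit_bimi(BIMI, rec))
```

In practice the DMARC string comes from the TXT record at `_dmarc.<domain>` and the BIMI string from `default._bimi.<domain>`.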

Find out how to implement DMARC and BIMI for your business

Join Red Sift & Entrust on October 28 for this RH-ISAC webinar on protecting your domain and brand against damaging impersonation attacks. Learn about the email security protocol that can protect your domains from email forgery while reinforcing your brand.

In the webinar we’ll cover:

  • Why phishing attacks are so prevalent and how emails are easily spoofed, leading to breaches
  • How to use a domain authentication-based framework to protect your domain
  • How to enable a new standard that increases your brand visibility in email, builds on this security, and increases the efficacy of your email marketing
  • Actionable steps you can immediately put in place to reduce the risk of becoming a victim of business email compromise (BEC)

Contact [email protected] to register for the event.

[1] https://www.edelman.com/sites/g/files/aatuss191/files/2019-06/2019_edelman_trust_barometer_special_report_in_brands_we_trust.pdf
[2] https://www.pwc.com/gx/en/industries/consumer-markets/consumer-insights-survey/consumer-trust.html
[3] https://go.redsift.com/retail-whitepaper.html
