Phishing is a big problem, in several ways it is linked to deliverability. Phishing is the act where criminals try and send email which they make to look as if it comes from a reputable sender. Their goal is to retrieve passwords, credit card data or steal other information / money from the recipients. But how big of a problem is Phishing? And why we need to support DMARC and fight it?
The costs of Phishing
DK media made a great DMARC Infographic where they show Phishing statistics and how DMARC works to fight it. Can you believe that phishing costs brand 70.2 Billion per year, which is an average of $1950 per phish? And the costs aren’t limited to brands. Corporate IT also makes a dip of 28.1 billion because of phishing.
Yearly a rough 36 Billion phishing emails are delivered to the end recipient (not filtered), which comes to 100 million per day.
The industries that are targeted for Phishing.
Financial (47.1%) and payment services (25.6%) are the biggest industries that are being targeted when it comes to Phishing, not surprisingly, seeing that the criminals behind phishing emails are in it to get the money of the recipients.
ISPs government and classifieds also get a piece of the Phishing Pie, but combined these aren’t even a tenth of the number of phishing attacks geared towards Financial industry and payment services.
Hoping that successful implementations of DMARC will be blocking more and more of these emails aiming at Financial and payment services, the focus of Phishers will be shifting to other industries. Looking at current day phishing stats, the industries in line to grow are: Gaming (6.1%), Retail (6.1%), Auctions (4.2%) and social networks (4.1%).
Countries that are hosting phishing websites
USA (46.4%) and Canada (7.3%) would seem to be the biggest countries when it comes to hosting phishing sites. But look at Egypt! 10.5% of the phishing websites are hosted in Egypt, a serious number.
Russia, surprisingly doesn’t host that many phishing websites, with 2,5% it is smaller than countries like Germany and the Netherlands.
Why we need to support DMARC
DMARC stands for Domain-based Message Authentication, Reporting and Conformance. Backed by giants like Google, Facebook, Microsoft, ReturnPath, Yahoo and PayPal, it truly can be what it set out to be: a step forward in the battle against spam and phishing email. The specification allows the senders and ISPs to exchange email authentication and at the same time receive reporting and know how to handle email that doesn’t pass the authentication.
Phishing has a big impact on the financial market and the costs are apparent. But there is another side to it, which has the recipients of email trust the legitimate email they receive less, resulting in lowered income for the legitimate senders. Another reason to go and support DMARC and so everything possible to stop phishing attacks.