Majority Of Top Web Sites Vulnerable To Email Spoofing 

Forty-two percent of the top 500 Web sites in the world have not implemented DMARC, according to Swedish security analyst firm Detectify — leaving many consumers at risk for email-based spoofing attacks. Detectify analyzed the email authentication measures of the top 500 global Web sites, as specified by the Amazon-owned Alexa rankings, and discovered that a majority of the Web sites could be spoofed. Indeed, 276 of the top 500 Web sites were vulnerable to spoofing because they had either misconfigured their email servers or had no authentication measures in place. In addition, 42% of the domains analyzed had not implemented DMARC (Domain-based Message Authentication, Reporting & Conformance).Email spoofing is a common tactic of cybercriminals who manipulate consumers into opening and responding to email solicitations that at first appear to come from a legitimate source.Hackers forge email headers and content to appear to come from a legitimate company, co-worker, family or friend — thus tricking email users into potentially downloading malware, clicking on malicious files or sending confidential information.It’s critical for companies to incorporate authentication measures, such as SPF or DMARC, on to their email servers to protect users and employees from spoofing attacks. The problem, however, is that these authentication measures are confusing and can be set up incorrectly.“We found that less than half of those domains have configured email authentication correctly to prevent spoofed emails being sent from their domains, which means that users are at risk of receiving false emails appearing to come from domains that they trust,” says Detectify in a blog post. “To prevent spoofed emails, all systems must be manually configured correctly to the highest standard of authentication. Unfortunately, the process is complicated, and often servers are misconfigured.”

Source: Majority Of Top Web Sites Vulnerable To Email Spoofing 06/24/2016

Be Sociable, Share!

Leave a Reply

Your email address will not be published. Required fields are marked *