Proofpoint, a leading cyber security and compliance company, has released research identifying that only 25 (50%) of the top 50 oil and gas companies that have operations in the Middle East have a Domain-based Message Authentication, Reporting & Conformance (DMARC) record in place, meaning that half of them are leaving customers at heightened risk of email fraud. The lack of a DMARC record makes companies potentially more susceptible to cybercriminals spoofing their identity and increasing the risk of email fraud targeting their customers.
Perhaps more worryingly, only five out of 50 (10%) oil and gas companies have ‘reject’ in place, which means a whopping 90% are not proactively blocking fraudulent emails from reaching customers. Reject is the strictest and recommended level of DMARC protection, a setting and policy that blocks fraudulent emails from reaching their intended target.
DMARC, which is an email validation protocol designed to protect domain names from being misused by cybercriminals, authenticates the sender’s identity before allowing the message to reach its intended designation. It verifies that the purported domain of the sender has not been impersonated and relies on the established DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework) standards to ensure the email is not spoofing the trusted domain.
Click below to share this article
