Any emails you receive from social media companies are least likely to be targeted by cybercriminals.
This is according to email security provider Agari, whose second quarter report involved the analysis of over a trillion emails and using its own metrics – a TrustScore and a ThreatScore.
As a result, electronic correspondence from social media organisations – the category leader in this instance being Facebook – is the most secure, with a TrustScore of 73.1. Logistics firms (58.8) came second, with travel companies (17.2) being by far the least secure.
This was in part down to seemingly lax standards across the board. “While companies…have endured repeated news headlines about phishing scams victimising their consumers, airlines still struggle to fortify its defences,” the report wrote, noting that American Airlines, SkyWest and JetBlue have failed to deploy authentication standards.
Interestingly, online gaming companies were tracked for the first time in Q213, with an overall trust score of 37.7. The report notes that the risk threshold was greater due to a younger age of email recipients “that may not be savvy to distinguishing between valid and malicious email.”
Digging deeper into social, Instagram in particular beefed up its defences with “additional investment in user trust” during the second quarter. Facebook and Twitter recorded perfect scores, indicating their defences were watertight, with Google and LinkedIn trailing “by razor-thin margins”.
“The good news is that social media has the best defences,” Bob Pratt, Agari VP product management said in the report. “The bad news is that the cyber-criminals are turning their attention to other sectors that are significantly more vulnerable.”
The battle against phishing of course hasn’t been won yet, but technology such as DMarc (domain-based message authentication, reporting and conformance) is certainly helping.
The open standard was formed and developed by 15 big tech players, including Google, Microsoft and PayPal, alongside email security firms – of which Agari is unsurprisingly a part – to aid authentication and provide a feedback line of defence between email senders and recipients.
What conclusions can be drawn from this therefore? For email marketers, be vigilant that scammers aren’t able to trade off your name, and ensure your security is good enough to swat away any attacks. But what do you think? What’s the worst phishing email you’ve ever received?