why marketers should fight email fraud - webinar deck

Place Image

© 2016 Experian Information Solutions, Inc. All rights reserved. Experian and the marks used

herein are service marks or registered trademarks of Experian Information Solutions, Inc. Other

product and company names mentioned herein are the trademarks of their respective owners.

No part of this copyrighted work may be reproduced, modified, or distributed in any form or

manner without the prior written permission of Experian. Experian Confidential.

Why Marketers Should Fight Email Fraud Tuesday, May 24

2 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.

Follow us on Twitter

@ExperianMkt | @returnpath | @stopemailfraud

Use our hashtag #MarketersUnite

Please type in your questions using the chat box

Yes! There will be a recording

Welcome!

3 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.

Spencer Kollas

VP, Global Deliverability

Experian Marketing

Services

David Gamber

Marketing Specialist

Experian Marketing

Services

Brian Westnedge

Senior Director

Email Fraud Protection

Return Path

Our Speakers Today

4 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.

Email Fraud Overview

Why Should Marketers Care?

Email Authentication 101

Marketers Unite! Best Practices for Fighting Email Fraud

Q&A

Agenda

© 2016 Experian Information Solutions, Inc. All rights reserved. Experian and the marks used herein are service marks or registered trademarks of Experian Information Solutions, Inc.

Other product and company names mentioned herein are the trademarks of their respective owners. No part of this copyrighted work may be reproduced, modified, or distributed in any

form or manner without the prior written permission of Experian. Experian Public.

Email Fraud Overview

6 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.

Email Delivers Business Value

Of customers made a

purchase following an

email marketing message

(DMA)

66% Of customers rate email

as the most preferred

method of communication

(Marketing Sherpa)

72% Of ROI comes from

targeted email campaigns.

(DMA)

77%

7 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.

Email Is Inherently Insecure

Source: Simple Mail Transfer Protocol (RFC 2821)

8 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.

That’s Why It’s the Weapon of Choice for Cybercriminals

Customers are 42% less

likely to interact with a

brand after being phished

or spoofed

(Cloudmark)

42% Email Fraud has up to a

45% conversion rate

(Google)

45% 97% of people globally

cannot identify a

sophisticated phishing

message

(Intel)

97%

9 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.

Email fraud is the intentional deception made for personal gain through email.

What Is Email Fraud, Exactly?

Spam

Malicious email sent in bulk.

Spoofing

The forgery of an email so that it appears to have come from someone other than the actual source.

Phishing

A type of spam that tricks users into giving up sensitive information.

10 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.

The Anatomy of a Phishing Email

to: You <you@yourdomain.com>

from: Phishing Company <phishingcompany@spoof.com>

subject: Unauthorized login attempt

Dear Customer,

We have recieved noticed that you have recently

attempted to login to your account from an unauthorized

device.

As a saftey measure, please visit the link below to

update your login details now:

http://www.phishingemail.com/updatedetails.asp

Once you have updated your details your account will

be secure from further unauthorized login attempts.

Thanks,

The Phishing Team

1 attachment

Making an email

look legitimate by

spoofing the

company name in

the “Display Name”

field.

Tricking email

servers into

delivering the email

to the inbox by

spoofing the

“envelope from”

address hidden in

the technical header

of the email.

Including logos,

company terms,

and urgent

language in the

body of the email.

Making an email

appear to come

from a brand by

using a legitimate

company domain, or

a domain that looks

like it in the “from”

field.

Creating convincing

subject lines to drive

recipients to open

the message.

Including links to

malicious websites

that prompt users to

give up

credentials

Including

attachments

containing malicious

content.

11 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.

Many Phishing Emails Are Sophisticated

© 2016 Experian Information Solutions, Inc. All rights reserved. Experian and the marks used herein are service marks or registered trademarks of Experian Information Solutions, Inc.

Other product and company names mentioned herein are the trademarks of their respective owners. No part of this copyrighted work may be reproduced, modified, or distributed in any

form or manner without the prior written permission of Experian. Experian Public.

Why Should Marketers Care?

13 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.

Phishing Leads to Lost Revenues

Fraud Losses Malware Infection Investigation Remediation

14 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.

Phishing Leads to Unwanted Media Attention

15 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.

Phishing Leads to Unwanted Media Attention

16 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.

Phishing Leads to Unwanted Media Attention

17 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.

Phishing Leads to Unwanted Media Attention

18 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.

Phishing Leads to Unwanted Media Attention

19 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.

Phishing Leads to Unwanted Media Attention

20 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.

Phishing Leads to Drop in Email Performance

1 in 5 attacks

results in reduced

deliverability

1 in 3 attacks

results in reduced

engagement

21 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.

Google has started to flag emails that fail email authentication checks by replacing the sender’s avatar with a red question mark:

Mailbox Providers Are Removing the Guesswork

22 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.

“We’re rapidly moving toward a world where all email is

authenticated… If your domain doesn’t protect itself with

DMARC, you will be increasingly likely to see your

messages sent directly to a spam folder or even

rejected.”

—John Rae-Grant, Product Manager

23 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.

As owners of the email channel, marketers have a responsibility to help protect it. Some marketers are already leading the way…

The Marketer’s Responsibility

“Our commitment to delivering unparalleled customer service has

made Neiman Marcus one of the most recognized and trusted

luxury brands in the world. Email fraud undermines that trust,

harms consumers and our business, and it needs to stop. We are

taking proactive actions to combat potential future spoofing and

phishing attacks. Working with Return Path will help us to deliver

a safe customer experience for all of our valued email

subscribers.”

—Catherine Davis, VP of Marketing, Neiman Marcus

© 2016 Experian Information Solutions, Inc. All rights reserved. Experian and the marks used herein are service marks or registered trademarks of Experian Information Solutions, Inc.

Other product and company names mentioned herein are the trademarks of their respective owners. No part of this copyrighted work may be reproduced, modified, or distributed in any

form or manner without the prior written permission of Experian. Experian Public.

Email Authentication 101

25 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.

There are three key authentication protocols to know:

1. SPF (Sender Policy Framework)

2. DKIM (DomainKeys Identified Mail)

3. DMARC (Domain-based Message Authentication Reporting & Conformance)

Email Authentication Keeps Bad Email Out

26 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.

Prevents fraudsters from spoofing the sending domain contained within the “envelope from” (aka mfrom or return path) address.

Makes your domain is less attractive to phishers.

SPF (Sender Policy Framework)

27 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.

Can ensure that the message has not been modified or tampered with in transit.

Can help inform how mailbox providers limit spam and spoofing.

Not a universally reliable way of authenticating the identity of a sender.

DKIM (DomainKeys Identified Mail)

28 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.

Makes the “header from” address (what users see in their email clients) trustworthy.

Helps protect customers and the brand.

Discourages cybercriminals are less likely to go after a brand with a DMARC record.

DMARC (Domain-based Message Authentication Reporting & Conformance)

29 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.

The Benefits of DMARC

Protects Brand

Reputation

Grants Insight

into Threats

Increases Email

Performance

Reduces Customer

Service Cost

Reduces

Phishing Costs

© 2016 Experian Information Solutions, Inc. All rights reserved. Experian and the marks used herein are service marks or registered trademarks of Experian Information Solutions, Inc.

Other product and company names mentioned herein are the trademarks of their respective owners. No part of this copyrighted work may be reproduced, modified, or distributed in any

form or manner without the prior written permission of Experian. Experian Public.

Best Practices for Fighting Email Fraud

31 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.

Communicate the risks that result from not taking action:

1. Email fraud destroys brand reputation and erodes brand trust

2. Email fraud thwarts email marketing effectiveness

3. Email fraud hurts revenue

Raise Awareness with Top Executives

32 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.

Some bad email will always reach the inbox. Educating customers is a great way to mitigate the impact of those fraudulent messages.

Educate Your Customers

33 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.

Collaborate with your security and messaging teams to:

Identify sending domains and get visibility into your email ecosystem.

Identify roles and responsibilities.

Educate your team about key authentication policies and protocols.

Collaborate with Security and Messaging Teams

34 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.

Invest in Email Fraud Protection

Defend Your Customers, Brand, and Bottom Line

Detect & block fraudulent

emails spoofing your

brand before they hit

consumer inboxes

Bolster malicious URL

takedown efforts with

real-time email threat

detection

Reduce spend on fraud

reimbursements, phishing

remediation, and customer

service costs

35 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.

Return Path Blocks Emails Spoofing Your Domains and Your Brand

© 2016 Experian Information Solutions, Inc. All rights reserved. Experian and the marks used herein are service marks or registered trademarks of Experian Information Solutions, Inc.

Other product and company names mentioned herein are the trademarks of their respective owners. No part of this copyrighted work may be reproduced, modified, or distributed in any

form or manner without the prior written permission of Experian. Experian Public.

Conclusion

37 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.

Don’t depend on people as the first line of defense.

Understand who is sending emails “from you”.

Ensure that only trusted parties send email “from you”.

Rebuild trust in email and push the criminals to the margins.

Time to Secure the Email Channel!

1

2

3

4

38 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.

Learn More

“Plain English” blog post series

blog.returnpath.com

“The Marketers Guide to Email Fraud”

rtpth.co/MarketersGuide

39 © 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.

For a free, 30-day trial of Return Path’s Email Fraud Protection solution, contact the EMS Client Success Team.

Free 30-day Trial!

© 2016 Experian Information Solutions, Inc. All rights reserved. Experian and the marks used herein are service marks or registered trademarks of Experian Information Solutions, Inc.

Other product and company names mentioned herein are the trademarks of their respective owners. No part of this copyrighted work may be reproduced, modified, or distributed in any

form or manner without the prior written permission of Experian. Experian Public.

Questions?

© 2016 Experian Information Solutions, Inc. All rights reserved. | Experian Public.

Thank You!