Proofpoint Warns 90% of Singapore’s Rapidly Expanding Companies of Email Fraud Risk
Proofpoint, Inc., a leading cybersecurity and compliance company, today released new research that found only 10% of the fastest-growing companies in Singapore have implemented the recommended and strictest level of email authentication, which prevents threat actors from spoofing organisations’ identities and reduces the risk of email fraud.
The findings are based on an analysis of 97 of Singapore’s fastest-growing companies Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email validation protocol designed to protect domain names from being misused by cybercriminals. It authenticates the sender’s identity before allowing a message to reach its intended destination. DMARC has three levels of protection – monitor, quarantine and reject with reject being the most secure for preventing suspicious emails from reaching the inbox.
“Email is the lifeblood of the modern economy — the daily exchange of millions of emails supports almost every aspect of business. Despite the strong emphasis on the importance of email authentication by security professionals globally, companies still fail to see the danger they put their stakeholders in without the implementation of DMARC policies,” said Philip Sow, Head of Systems Engineering, South East Asia and South Korea at Proofpoint. “Not adopting DMARC could open these companies to email fraud, thereby impending future growth opportunities if these companies fall prey to phishing and impersonation attacks.”
In the current landscape, Google and Yahoo! have announced a recent initiative. Starting in February 2024, they now require email authentication to be able to send messages from their platforms. This move signifies that important steps are being taken to prevent spam and scams. These security requirements will apply especially to accounts that send large volumes of emails per day, which will have to have the DMARC authentication protocol deployed, amongst other measures. Failure to comply will significantly impact the deliverability of legitimate messages to customers with Gmail and Yahoo! accounts.
Proofpoint’s research revealed that whilst 59% of Singapore’s fastest-growing companies have adopted a DMARC protocol, only 10% are properly implementing DMARC to the recommended and highest level by blocking suspicious emails. Worryingly, this means that 41% of Singapore’s fastest-growing companies have not implemented DMARC at all, and those that lag in DMARC adoption will now need to catch up quickly if they wish to continue sending emails to their customers. Organisations that don’t comply could see their emails routed directly to customers’ spam folders or rejected altogether.
The full findings of Proofpoint’s DMARC analysis of Singapore’s fastest growing companies show:
-
90% of companies currently do not enforce the recommended strictest level of DMARC (reject), while 41% of companies do not have any DMARC record at all and are wide open to email fraud and domain spoofing attacks.
-
59% of companies have some form of DMARC adoption in place, though these policy levels differ as follows:
-
10% have DMARC – Reject in place, the strictest recommended level which blocks unqualified emails from getting to the recipient.
-
19% have DMARC – Quarantine, which directs unqualified emails to go to the recipient’s junk or spam folder.
-
30% have DMARC – Monitor, which does not change how inboxes receive emails but allows senders to collect information about their email sources.
-
Below are some best practices Proofpoint recommends:
-
Check the validity of all email communication and be aware of potentially fraudulent emails impersonating colleagues, suppliers, and stakeholders.
-
Be cautious of any communication attempts that request log-in credentials or threaten to suspend service or an account if a link isn’t clicked.
-
Follow best practices when it comes to password hygiene, including using strong passwords, changing them frequently and never re-using them across multiple accounts.
This analysis was conducted in January 2024 using data from The Straits Times’s Singapore’s fastest-growing companies 2024 list.