Don’t Be Phish Food – Newton Enhances ATS Security to Protect Against Phishing
Take a moment to think about the magnitude of email in your day-to-day work. There may not be a single thing as important or more heavily utilized in the business world. From corresponding with co-workers, to coordinating with business partners, to reaching out to and negotiating with vendors, suppliers and customers, there is an endless flow of business logistics and confidential information trickling through business email inboxes everyday.
Email Integrity is Essential for Recruiters and Hiring Managers as they Build Employer Brand
For recruiters and hiring managers, the magnitude of email is further amplified. Email is literally your life blood, serving as your first touch point and main source of contact with candidates. As such, the integrity of your email account is invaluable not only for providing secure communication lines, but also for establishing and building a reputable employer brand and offering an enjoyable candidate experience for job applicants.
Phishing and Other Forms of “Email Spoofing” Is Rampant
Unfortunately, cybercriminals also recognize the importance of email. “Email spoofing,” or the act of manipulating a given email’s header address to cloak it as coming from a different account, is rampant today. Cybercriminals heavily utilize email spoofing as a means to spam users and deploy phishing campaigns. Below are the statistics on these malicious emails:
- 14.5 billion spam messages present on the web
- 73% of this spam is phishing emails
- Spear phishing campaigns targeting employees have increased 55% over the past year
- 80,000 fall victim to phishing emails every day (link to infographic)
Cybercriminals Indiscriminate in Their Targeting of Victims for “Business Email Compromise”
One of the most common byproducts of this malicious spamming activity is business email compromise or “B.E.C.” Through B.E.C., spammers spoof company emails and pretend to be co-workers, vendors, attorneys, and so forth. Under the disguise of these false identities, cybercriminals request wire fraud transfers or obtain access to confidential information. The FBI reports that victims of B.E.C. run the gamut from Fortune 500 companies down to mom and pop boutiques. Below are the FBI findings on B.E.C. attacks:
- From October 2013 through February 2016, law enforcement received reports from 17,642 victims.
- This amounted to more than $2.3 billion in losses.
- Since January 2015, the FBI has seen a 270 percent increase in identified victims and exposed loss.
Beyond Monetary Loss and Exposure of Confidential Information, Organizations Need to Be Worried About Employer Brand
Monetary loss and the exposure of confidential information are not the only concerns around this malicious email activity. You also have your brand reputation to consider. Can you imagine if a hacker began spamming applicants from your email address, blasting them with fake male performance enhancement promotions. Or worse yet, how about a hacker asking for personal information from your applicants, stealing their identities and having the entire scam link back to your company? Definitely not a good look.
Majority of Spear Phishing Attacks Were Targeted at Small and Medium Sized Employers
As a small to medium sized employer, you may be thinking that you are safe from such attacks because cybercriminals only target large corporations. Unfortunately, this is not the case. Spear phishing attacks on small to medium size businesses appear to be growing. In a study run by Symantec, it was discovered that 65% of all spear phishing attacks (link to infographic) were carried out on companies of this size.
Studies Show Many IT Professional Are Not Adequately Prepared To Protect Their Organizations
With this proliferation of malicious spamming activity, even business leaders and IT professionals are not confident in their ability to protect their organizations. According to a recent study, 84% of organizations have been breached by spear phishing attacks and only 11% of organizations feel prepared for such attacks.
Newton On The Forefront of Email Security
At Newton, we refuse to accept this as the status quo. The security and integrity of our customers is of the utmost importance to us. As such we are constantly working on the product front to offer you the most secure solutions. We are excited to announce that we are rolling out email delivery with DKIM and DMARC support. DKIM and DMARC are email authentication protocols, which augment the standard SPF system to further protect you against the malicious spamming activity discussed above. Below is a description of each of these protocols and what they mean for you.
SPF is an email authentication method currently supported by Newton. This framework allows the domain owner to define a list of IP addresses that can send messages from their domain. Anytime an email is sent out from that domain, the IP address associated with that sender is referenced against the established list of IP addresses to verify that the sender is authorized.
DKIM allows the sender to “sign” or “label” their emails through the use of cryptographic technology. Any email containing such a label verifies that the message is coming directly from the original sender and has not been modified in transit. SendGrid offers a comprehensive explanation of DKIM below:
“By ‘signing’ emails with DKIM, legitimate senders can label which domains belong to them, and by doing so, empower ISPs to block email streams that have not been properly authenticated using DKIM.”
DMARC further builds upon the security framework laid down by SPF and DKIM. This protocol establishes rules and guidelines telling a server whether or not to receive an email and what actions should be taken if a message fails SPF and/or DKIM authentication.
Newton Customers Upgrade for Free
Interested in these advanced security measures for your Newton account? Please have your IT team contact us at email@example.com and we will be happy to work with them to get DKIM and DMARC email delivery capabilities set up today!