Some 400 of the largest US companies are at risk of their email domain being hijacked by scammers because they have not implemented DMARC authentication, according to cybersecurity firm Agari.

Domain-based Message Authentication, Reporting, and Conformance (DMARC) allows companies to create a policy for their email domain that prevents scammers from spoofing their address to send malicious emails.

In the first half of 2020, an additional 25 companies from the Fortune 500 list adopted the DMARC security tool.

However, that leaves 80% of Fortune 500 firms at heightened risk of their email domain being spoofed to carry out business email compromise attacks or target their customers with phishing emails.

Agari, which specialises in email protection, cites one case where scammers spoofed a Fortune 100 company brand to send emails to 40,000 customers asking for cash.

Once set up, DMARC allows firms to set up policies to monitor, quarantine and block scam emails that spoof its company domain.

Worldwide there are more than 8 million domains that have implemented DMARC policies, Agari said in its Email Fraud and Identity Deception Trends report.

UK firms also slow to adopt DMARC

The findings, which cover the first half of 2020, found a similar story in the UK. Just 20% of FTSE 100 companies have implemented the strictest DMARC protections for their email domains.

The majority (70%) of business email compromise attacks are now sent from a free webmail account – up 54% in December 2019. Agari notes that these accounts benefit scammers because they can be made quickly and disposed of.

Often these type of attacks involve scammers impersonating a senior employee to ask a colleague to purchase gift cards. According to Agari, the average amount requested by scammers for gift card scams decreased to $1,348 in the first half of the year.

However, the largest wire transfer request was $1.6m – the biggest yet observed by Agari.

Since March the number of coronavirus-themed scams has soared as scammers looked to capitalise on people’s fears. In early June the number of these attacks reached a “crescendo”, Agari said, but attack volume has since “tailed off”.

“CISOs continue to share with us that today’s operating environment is the most dangerous and dynamic to date – and not just because of the effects of Covid-19,” said Armen L Najarian, chief identity officer at Agari.

“Newer email-based attacks evade traditional controls and employees are still falling victim to these attacks despite the heightened attention on phishing.”


Read more: Russian BEC gang Cosmic Lynx fakes M&As to steal millions