Many agencies yet to fully implement DMARC

In the wake of the ACCC warning that cybercriminals are targeting victims with fraudulent COVID-19 support packages by spoofing government websites and communications, Proofpoint has warned that many agencies are yet to implement controls that can help prevent these attacks.

Research from the cybersecurity company found that only two of 18 agencies evaluated — the Department of Finance and the Department of Environment and Energy — are proactively blocking domain spoofing emails from their domains.

While 14 of 18 departments have published a Domain-based Message Authentication, Reporting & Conformance (DMARC) record, only the two departments mentioned have fully implemented the protocols. The remaining deployments are in monitor or quarantine mode.

Proofpoint Australia Country Manager Crispin Kerr said the findings of the DMARC analysis are cause for concern.

“Our research shows that email remains the weapon of choice for cybercriminals, and to prevent cybercriminals from using an organisation’s likeness, there are open standards available, such as DMARC, to protect legitimate domains and effectively nullify an entire class of email fraud — domain spoofing,” he said.

“DMARC remains the only technological defence that can eliminate domain spoofing. Those organisations that have the strictest level of DMARC implemented will achieve higher success rates in blocking malicious threats and stopping fraudsters from impersonating their brands, potentially saving the everyday Australian thousands of dollars in the process.”

Image credit: ©stock.adobe.com/au/Edelweiss