
Latest news with #EasyDMARC

Google Warns This Email Means Your Gmail Is Under Attack

Forbes

26-07-2025

You do not want to get this email.

With all the cyber security attacks compromising smartphones and PCs, it would be easy to conclude there's little you can do to stay safe. But the truth is very different. Most attacks are easily prevented with a few basic safeguards and some know-how. In reality, a number of simple changes can defend against most attacks.

So it is with the FBI's two warnings this week. The first is a resurgence of the Phantom Hacker attacks, which trick PC users into installing rogue apps. The second is a raft of fake Chrome installs and updates, which provide initial access for ransomware. If you just avoid installing linked apps in this way you will steer clear of those attacks.

It's the same with a new Amazon impersonation attack that has surged 5000% in just two weeks. Don't click links in messages — even if they seem to come from Amazon.

And now Gmail attack warnings are turning up again on social media, which will likely frustrate Google, because their advice has been clear but is not yet landing with users. The latest Gmail warnings come courtesy of a refreshed EasyDMARC article covering the 'no-reply' attacks from earlier this year, hijacking 'no-reply@ to trick users into clicking links and giving up their Google account sign-in credentials.

Here again the advice is very simple. It shouldn't matter whether an email appears to come from Google. If it links to a sign-in page, it's an attack. Period. And that means any email that seems to come from Google but has a sign-in link must be deleted.

'Sometimes,' Google warns, 'hackers will copy Google's 'Suspicious sign-in prevented' emails and other official Google emails to try to steal someone's account information.' But the company tells all account holders that 'Google emails will never take you to a sign-in page. Authentic emails sent from Google to your Google Account will never ask you to sign in again to the account they were sent to.' It's as simple as that.

Similarly, Google will never 'ask you to provide your password or other sensitive information by email or through a link, call you and ask for any forms of identification, including verification codes, send you a text message directing you to a sign-in page, or send a message via text or email asking you to forward a verification code.'

With that in mind, you should not fall victim to these Google impersonation attacks, and if you stick to the basic rules on installs, links and attachments, then you'll likely stay safe from most of the other ones as well.

Major healthcare providers leave email systems open to phishing risk

Techday NZ

18-06-2025

  • Health

More than a third of the world's largest healthcare providers are yet to implement essential email security measures against phishing and spoofing, according to research conducted by EasyDMARC. The report analysed the adoption of DMARC, an email authentication protocol, across 4,100 prominent hospitals and clinics in both the United States and Europe, including the 100 highest-ranked healthcare organisations worldwide.

The research revealed that while the proportion of top providers using DMARC increased marginally from 62% in 2024 to 65% in 2025, a substantial 35% still operate without DMARC protection altogether. Of those that have put DMARC in place, the study found that nearly half are not fully utilising its protective capabilities. Just 18% of the top 100 global providers have enforced DMARC to actively block suspicious emails, whilst 48% are using the weakest setting, known as 'p=none', which merely monitors email activity and does not prevent fraudulent messages from reaching inboxes.

Ongoing cyber threats

The findings come against a backdrop of significant cyberattacks targeting the healthcare sector in recent years. This includes a notable breach at the UK's National Health Service (NHS) in 2024, where almost 400GB of patient data was illicitly obtained, as well as disruptions experienced by Yale New Haven Health in Connecticut. The report highlights that the sensitive nature of healthcare data and the sector's vital societal role make it an attractive target for cybercriminals.

Healthcare organisations, which are heavily reliant on digital communication and critical infrastructure, are especially susceptible to cyber threats such as phishing attacks. Such incidents not only threaten financial loss but can also impact patient safety and healthcare delivery.

DMARC functions by verifying whether incoming emails originate from approved sources, allowing organisations to block potentially fraudulent emails before they reach users. Full enforcement requires setting DMARC to 'p=reject', which rejects unverified emails outright rather than simply monitoring them.

Regional differences in protection

EasyDMARC's analysis of 2,000 of the largest European healthcare providers indicated that only 48% have DMARC implemented, and of those, over half have the setting at 'p=none'. This approach fails to block harmful messages, leaving significant vulnerabilities. In the United States, DMARC adoption reaches 55%, but nearly 40% of these providers also operate with the weakest monitoring-only policy.

The research indicates that, despite an increase in awareness of email security, many healthcare providers remain exposed and have not moved towards policies that fully block phishing attempts. With over 90% of all cyberattacks said to originate via email phishing, the lack of comprehensive DMARC enforcement is highlighted as a substantial and ongoing risk.

Industry-wide changes in policy from major email providers, including Google, Yahoo, and Microsoft, have made it mandatory for bulk email senders to enforce DMARC, reflecting the protocol's place as an industry standard. Microsoft's requirements came into force in early May.

Call for stricter enforcement

Gerasim Hovhannisyan, CEO of EasyDMARC, said: "The healthcare sector is under constant pressure to protect patients, keep services running, and manage sensitive data, but too many organisations are still stopping short of full protection. DMARC only works when it's configured properly and enforced, and that means setting it to 'p=reject'. Anything less leaves inboxes open to impersonation and phishing attacks. For healthcare providers, the risk isn't just financial; it's operational and deeply human. Every unprotected email domain is another opportunity for attackers to disrupt care and put lives at risk."

Data from the report also breaks down DMARC deployment within each region. In Europe, 955 of the 2,000 largest healthcare domains have valid DMARC records, but only 241 are set to 'p=reject' and 229 to 'p=quarantine', with the remainder on monitoring only. In the United States, 1,103 of 2,000 have DMARC records, 170 set to 'p=reject', and 501 to 'p=quarantine'. For the top 100 global providers, 65 domains have DMARC, with just 12 set to enforcement and 22 to quarantine.

Healthcare providers are being encouraged by security experts to review their DMARC configurations and move toward full enforcement settings to better safeguard sensitive information and maintain the continuity of essential services in the face of increasingly sophisticated cyber threats.

Just 3% of New Zealand domains enforce top anti-phishing policy

Techday NZ

13-06-2025

  • Business

Only 3% of New Zealand domains have implemented full protection against phishing, according to new research by EasyDMARC.

EasyDMARC's analysis covered 141,242 domains registered in New Zealand, highlighting a low adoption rate of the strictest email authentication setting known as DMARC at p=reject. DMARC, or Domain-based Message Authentication, Reporting & Conformance, is a protocol designed to verify that emails are legitimately sent by the domain they claim to represent, with the p=reject policy providing the highest available security by blocking unauthorised emails outright.

This scrutiny comes as the government introduces the Secure Government Email Framework, which will require all public sector domains to enforce DMARC at the p=reject setting by October 2025. The requirement targets government domains, but the implications reach across public and private sectors. Non-compliant vendors, councils, NGOs, and universities not only risk delivery failures for legitimate communications, but are also vulnerable to impersonation and phishing incidents.

EasyDMARC's research found that just 24.5% of New Zealand domains have valid DMARC records. Of those, a significant 72.4% use the policy set to none, which only monitors for suspicious activity but does not take any blocking action. Only 3.1%, or 4,327 domains, enforce the p=reject setting, meaning the overwhelming majority of domains are not proactively preventing phishing attacks.

The findings underscore concerns around email-based cyberattacks in the country. Phishing accounts for more than 90% of all cyberattacks globally, giving urgency to calls for more comprehensive enforcement of DMARC policies.

Gerasim Hovhannisyan, CEO of EasyDMARC, stated: "Most organisations set up DMARC but don't enforce it. By mandating DMARC at its strictest level, p=reject, New Zealand is leading by example, showing that email security only works when enforcement is taken seriously. Too many organisations stop at 'p=none', the weakest DMARC setting, which merely monitors for fraudulent emails without taking action. This creates a false sense of security while leaving the door wide open to phishing attacks. Our research shows that only 9.5% of the top global 1.8 million domains have reached p=reject – the only DMARC policy that actively blocks spoofed emails. This gap between adoption and proper enforcement is exactly why email remains the most common attack vector.

"Today's phishing attacks aren't the clumsy scams we used to see. Thanks to AI, they're now flawless, highly targeted messages that look and feel legitimate. We can't expect employees to spot them in a flood of emails, and relying on outdated filters or passive monitoring just isn't enough. Organisations need a system that blocks unauthorised senders before their message even hits the inbox. By enforcing p=reject, New Zealand has built exactly that system for its public sector.

"Email is still how governments issue updates, how companies close deals, and how people reset passwords. If we can't trust what's in our inboxes, the whole system falters. New Zealand's new email security mandate sets a clear benchmark, and it puts pressure on others to stop pretending that partial implementation is progress."

The Secure Government Email Framework's upcoming mandate intends to standardise security practice across government entities, but the new research suggests most domains - both public and private - are not yet in line with these requirements. EasyDMARC's data shows significant room for improvement if organisations are to protect email communications and comply with incoming regulations.

With New Zealand's digital economy expanding rapidly, the research points to a gap between policy and practice regarding email security, highlighting ongoing challenges for organisations seeking to protect users and data from phishing attacks.

Most high-traffic email domains still vulnerable to phishing

Techday NZ

30-05-2025

  • Business

New research from EasyDMARC has found that 92% of the world's top 1.8 million email domains lack adequate protection against phishing attacks.

The EasyDMARC 2025 DMARC Adoption Report has revealed that only 7.7% of these domains are fully protected using the strictest DMARC (Domain-based Message Authentication, Reporting, and Conformance) policy, known as 'p=reject'. This policy is designed to actively block malicious emails from being delivered to inboxes.

DMARC is an email authentication protocol that builds on existing standards such as SPF and DKIM, allowing domain owners to specify how they want mail servers to handle emails that fail authentication checks. The protocol also enables domain owners to receive reports on emails sent under their domain name, providing vital records of authentication attempts and potential abuse.

EasyDMARC's analysis demonstrates that although there has been a noticeable increase in DMARC adoption since 2023 — largely due to regulatory initiatives and mandates from major providers including Google, Yahoo, and Microsoft — most organisations opt for the weakest available configuration, 'p=none'. This setting only monitors for threats, rather than thwarting attacks by blocking illegitimate emails.

The report, which reviewed security practices across the most-visited websites globally as well as Fortune 500 and Inc. 5000 companies, shows a continued gap between DMARC adoption and meaningful implementation. More than half (52.2%) of the surveyed domains have not implemented DMARC at any level, leaving them exposed to phishing and spoofing risks. Among domains that do have a DMARC record, most have not configured enforcement policies or reporting mechanisms necessary for full protection.

The research also found that over 40% of the domains with a DMARC record did not include any reporting tags. This omission means these organisations have little to no visibility into authentication failures or an understanding of who might be sending emails on their behalf.

Gerasim Hovhannisyan, Chief Executive Officer of EasyDMARC, addressed the misconception surrounding DMARC adoption: "There's a growing perception that simply publishing a DMARC record is enough. But adoption without enforcement creates a dangerous illusion of security. In reality, most organisations are leaving the door wide open to attacks targeting customers, partners, or even employees."

Mandates have had a measurable effect. In the United States, where regulatory enforcement is strong, the proportion of phishing emails accepted dropped from 68.8% in 2023 to just 14.2% in 2025. Similar progress was noted in the UK and the Czech Republic, countries that also enforce DMARC usage. However, countries without strict requirements, such as the Netherlands and Qatar, showed minimal improvement in reducing phishing acceptance rates.

Recent high-profile cyber attacks, including those targeting retailers such as M&S and Co-op, serve as a backdrop for the report's release. In these incidents, attackers exploited weaknesses in email security through social engineering, costing affected businesses hundreds of thousands in losses. According to EasyDMARC, the increasing sophistication of phishing, partly driven by the use of AI, magnifies the risks for organisations that are inadequately protected.

Hovhannisyan further commented: "Misconfigurations, missing reporting, and passive DMARC policies are like installing a security system without ever turning it on. Phishing remains one of the oldest and most effective forms of cyberattack, and without proper enforcement, organisations are effectively handing attackers the keys to their business. As threats grow more sophisticated and compliance pressures mount, stopping halfway with DMARC enforcement is no longer an option."

The report methodology combined public DNS data with proprietary data collected through EasyDMARC's platform. It involved the review of aggregate DMARC reports from major mailbox providers and included a survey of 980 IT professionals across the United States, United Kingdom, Canada, and the Netherlands. This allowed for insights into regional differences in phishing trends, adoption challenges, and the varying influence of regulatory mandates.

The research concludes that while DMARC adoption has increased, genuine protection against phishing relies on both enforcement and visibility — elements still missing for the vast majority of high-traffic domains worldwide.

HiCamp Partners Joins EasyDMARC's MSP Program to Enhance Email Security and Deliverability for Clients

Associated Press

11-04-2025

  • Business

DOVER, DE, UNITED STATES, April 11, 2025 -- EasyDMARC, a vendor of the cloud-native email security and deliverability platform, announced today a strategic partnership with HiCamp Partners, a leading email marketing agency, based in New York, USA. This partnership will help HiCamp Partners protect their clients' email domains from being used for phishing and other fraudulent activities, as well as improve their email deliverability rate.

Email security has become a significant concern for businesses of all sizes as cyberattacks, such as phishing and spoofing, are becoming increasingly sophisticated. Verizon DBIR mentions that 93% of all successful cyberattacks begin with a phishing email. In light of this, HiCamp Partners has taken a proactive approach to help its clients secure their email domains and protect their sensitive information.

'At HiCamp Partners, ensuring flawless email deliverability is a top priority for our clients. EasyDMARC has been instrumental in streamlining authentication protocol setup and optimization, helping us fix DNS misalignments that could otherwise block crucial emails. Their platform makes what can be a complex process significantly more manageable, allowing us to focus on driving results for eCommerce brands,' said Nolan Butler, Co-Founder at HiCamp Partners.

'We are thrilled to welcome HiCamp Partners to our growing partner network. Their commitment to delivering exceptional IT services and support to their clients aligns perfectly with our mission to make email safer for everyone,' said Gerasim Hovhannisyan, CEO of EasyDMARC.

The DMARC standard enables the automatic flagging and removal of receiving emails that are impersonating senders' domains. It is a crucial way to prevent outbound phishing and spoofing attempts.

About HiCamp Partners

HiCamp Partners is a lifecycle marketing agency specializing in email and SMS for eCommerce brands. The company focuses on optimizing deliverability, crafting high-converting campaigns, and building retention strategies that drive long-term revenue.

About EasyDMARC

EasyDMARC is a cloud-native B2B SaaS to solve email security and deliverability problems in just a few clicks. With advanced tools, such as its AI-powered DMARC Report Analyser, DMARC, SPF, DKIM cloud management solutions, and email source reputation monitoring, EasyDMARC's platform helps customers stay safe and maintain the health of their domains without risk.

Anush Yolyan
EasyDMARC Inc.
+1 8885635277
