In a study released today, the Federal Trade Commission’s Office of Technology Research and Investigation (OTech) reports that most major online businesses are using proper email authentication technology to prevent phishing emails, but few of these businesses are taking full advantage of the latest technologies to combat phishing.
Phishing is a type of online scam that targets consumers by sending them an e-mail that appears to be from a well-known source such as an internet service provider, a bank, or a mortgage company. It asks the consumer to provide personal identifying information, and then the scammer uses the information to open new accounts or invade the consumer’s existing accounts.
Specifically, the OTech study found that 86 percent of major online businesses it studied are using Sender Policy Framework (SPF), an email authentication technology that enables Internet Service Providers to determine whether messages that claim to be from the businesses’ email addresses actually come from the businesses. Fewer than 10 percent of the businesses, however, have implemented a supplemental technology known as Domain Message Authentication Reporting & Conformance (DMARC) in a manner which would allow the businesses to receive intelligence on potential spoofing attempts and to instruct ISPs to automatically reject any unauthenticated messages that claimed to be from the businesses’ email addresses. By using DMARC to instruct receiving ISPs to reject unauthenticated messages, online businesses could further combat phishing by keeping these scam emails from showing up in consumers’ inboxes.
The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about consumer topics and file a consumer complaint online or by calling 1-877-FTC-HELP (382-4357). Like the FTC on Facebook, follow us on Twitter, read our blogs and subscribe to press releases for the latest FTC news and resources.
Office of Public Affairs
Bureau of Consumer Protection