FTC Study Finds Online Businesses Not Doing Enough To Prevent Phishing

A study released by the Federal Trade Commission’s (FTC) Office of Technology Research and Investigation has found that most major online businesses don’t have enough cybersecurity and are not doing enough to prevent consumers from phishing attacks.

Phishing is an email scam where cyber criminals send a consumer an email that appears to be from a reliable source, such as the person’s bank. It then prompts the recipient to click on a link and enter in personal information, such as their bank account or Social Security numbers, which are subsequently used to gain access to the person’s accounts or open new ones.

A recent report by the Anti-Phishing Working Group revealed that 2016 was the worst year in history for phishing scams. The total number of phishing attacks last year was 1,220,523 — a 65 percent increase over the number of attacks recorded in 2015.

But according to a press release from the FTC, while 86 percent of the businesses studied are using the correct email authentication needed to prevent phishing emails, only 10 percent are utilizing the latest technologies to combat phishing.

One of the main steps businesses can take to protect themselves — and consumers — from phishing is to implement a supplemental technology known as Domain Message Authentication Reporting & Conformance (DMARC), which allows them to “receive intelligence on potential spoofing attempts and to instruct ISPs to automatically reject any unauthenticated messages that claimed to be from the businesses’ email addresses.”