Hilton Hotels recently sent out an email to customers that looked so much like a phishing attempt that its own IT support team advised customers it was a scam. Agari, a specialist in helping companies secure emails against phishing and cybercrime commented below.
Patrick Peterson, Founder and Executive Chairman at Agari:
“This incident at Hilton illustrates that trust in the email ecosystem today is brittle at best. Clearly new approaches to address phishing and protect consumers and brands alike are required, especially by organisation with large member or consumer bases.
“Relying on consumers, or in this case Hilton’s own IT security team, to spot the good from bad is clearly not a viable strategy. This happens every day in large organisations; isn’t it time for a better approach?
“Education of consumers is certainly important, but this example that fooled professional IT staff illustrates why a multi-layered approach including email authentication offers a more robust security approach to ensure brands protect their customers, and their revenue streams from disruption. Whether it be from actual or, as in this case, suspected phishing attacks.
“Email authentication, by which brands can prevent cyber criminals from spoofing their brands, is becoming increasingly widely adopted to prevent just such scenarios. If brands use industry standards such as DMARC (which is supported email providers including Gmail, Microsoft, Yahoo), their IT team would have the confidence to know that only authenticated emails from approved channels could have reached their customers.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.