PR: Report finds top Chinese brands fail to protect worldwide consumers from phishing attacks

A new study published by 250ok, a leader in advanced email analytics for DMARC, deliverability, design and engagement, revealed 95 percent of the top 100 most valuable Chinese brands fail to meet the minimum level of email authentication to protect consumers against phishing attacks. Together, the listed companies have a total brand value of $683.9bn, with notable brands including Tencent, Alibaba and Lenovo.

 The report finds top Chinese brands are significantly less likely to deploy DMARC records for their domains (4.6 per cent) than other industry verticals like top US and EU e-retailers (11.3 per cent), or top-performing SaaS 1000 businesses (35 per cent). Remarkably, zero Chinese brands reviewed employ a DMARC reject policy (p=reject), which is considered an organization’s best defense against phishing attacks.

The total Chinese retail market was nearly $5trn in 2016, and by 2020, China will account for about 60 percent of global e-commerce. As predominantly online Chinese businesses like Alibaba and JD.com work to expand globally, email authentication practices play a significant role in the ability to deliver both transactional (e.g., password resets, shipping receipts, customer service correspondence) and promotional (e.g., sales offers, shopping cart abandonment reminders) email messages to consumers outside China.

Phishing and spoofing attacks against consumers are more likely when companies do not have a published Sender Policy Framework (SPF), and/or DomainKeys Identified Mail (DKIM) and a Domain-based Message Authentication, Reporting and Conformance (DMARC) policy in place. SPF is an email authentication system that helps detect spoofing attempts, or a third party disguising itself as a particular sender using a counterfeit email address. DKIM is an email authentication mechanism indicating whether or not a message has been modified since it was originally sent. A DMARC reject policy informs mailbox providers what to do with messages that fail SPF or DKIM tests.

"Chinese brands looking for revenue growth in the West will increase dependence on the email channel," said Joe Montgomery, VP of marketing at 250ok. "Getting to a DMARC reject policy is a logical first step in ramping up their marketing programs for global business."

A 2017 study from the Anti-Phishing Working Group reported phishing attacks targeted an average of 443 brands per month in the first half of 2017, up from 413 per month during the same period in the previous year. These attacks are a threat to brand trust, as 91 percent of all cyber attacks begin with a phishing email.

To access the full report, visit: s.250ok.com/ChinaDMARC

About 250ok

250ok focuses on advanced email analytics, insight and deliverability technology to power a large and growing number of businesses and higher education email programs ranging from clients like eHarmony, Furniture Row and Pinterest, who depend on 250ok to cut through big data noise and provide actionable, real-time analytics to maximize email performance.