Websense releases an annual Threat Report that looks at trends in web, email, data and mobile security. The Websense 2012 Threat Report revealed some interesting findings that developers should be wary of as they build and secure their applications.
At the forefront of this report is transactional email. A somewhat obvious yet chilling stat is that 92% of email spam contains a URL. Given that most transactional email contains a link to a web page, this is a high-risk category that needs to be carefully monitored at its source.
So why is transactional email so vulnerable? According to Websense, email attacks are more prevalent for “business related topics” that individuals are expecting and will eagerly open (i.e. transactional email). In fact, the top five email lures tend to manifest themselves in the following categories:
1. Order Notifications
2. Ticket Confirmations
3. Delivery Notices
4. Test Emails
5. Tax Refund Information
As a provider, it is your job to help protect your customers by staying alert and putting the proper defenses in place to prevent cyber criminals from infiltrating your systems and causing havoc amongst your customers. Start by authenticating your mail. In doing so, you let ISPs know which domains are legitimate and which to block. Continue to closely monitor your reputation for anomalies and follow best practices. Your goal is to clearly identify yourself as a legitimate sender at every turn so ISPs can focus on delivering your mail while preventing spam from getting through the gateway.