Only 50% of the top 50 Oil & Gas companies in the Middle East have DMARC record in place finds Proofpoint

In Research

Proofpoint today released research identifying that only 25 (50%) of the top 50 Oil & Gas companies that have operations in the Middle East have a Domain-based Message Authentication, Reporting & Conformance (DMARC) record in place, meaning that half of them are leaving customers at heightened risk of email fraud. The lack of a DMARC record makes companies potentially more susceptible to cybercriminals spoofing their identity and increasing the risk of email fraud targeting their customers.

Only 5 out of 50 (10%) oil and gas companies have ‘reject’ in place, which means a whopping 90% are not proactively blocking fraudulent emails from reaching customers. Reject is the strictest and recommended level of DMARC protection, a setting and policy that actually blocks fraudulent emails from reaching their intended target. The COVID-19 pandemic has seen a spike in highly targeted attacks against the energy industry, deployed through email.

Emile Abou Saleh, Regional Director, Middle East and Africa at Proofpoint, commented: “During the pandemic, oil and gas companies are relying heavily on digitalization to maintain business continuity. This has motivated targeted spear phishing campaigns against the energy vertical. At a time when opportunistic cyber criminals are exploiting global uncertainty, a majority of the oil and gas companies in the region are leaving their customers vulnerable to email fraud. By not implementing adequate email protection they are exposing themselves to phishing, impersonation attacks and other unauthorised use of corporate domains. This is despite email remaining the number one threat vector for cybercriminals.”

DMARC, which is an email validation protocol designed to protect domain names from being misused by cybercriminals, authenticates the sender’s identity before allowing the message to reach its intended designation. It verifies that the purported domain of the sender has not been impersonated and relies on the established DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework) standards to ensure the email is not spoofing the trusted domain.

“Energy companies need to ensure that the communication methods they use are secure. We recommend implementing robust email defences and inbound threat blocking capabilities (including deploying DMARC email authentication protocols),” added Emile Abou Saleh.


You may also read!

Sophos present at GITEX with its latest cybersecurity innovations

Sophos today announced its participation at GITEX starting today, where it will be showcasing its newest cybersecurity innovations, including


AmiViz to present BlackBerry Cyber Suite solutions at GITEX

At this year, BlackBerry has partnered with AmiViz, the Middle East region’s first enterprise B2B marketplace for the weeklong


AmiViz delivers value from its four pillars of success

The Middle East region’s first enterprise B2B marketplace, AmiViz today announced that during development of its platform, the company


Join Our Newsletter!

Love SecurityMEA? We love to tell you about our new stuff. Subscribe to newsletter!

Mobile Sliding Menu