INSUBCONTINENT EXCLUSIVE:
This week, we reported on TechCrunch how thousands of remote employees with health and workplace benefits through human resources giant
TriNet received emails that looked like a near-perfect phishing attempt.
One recipient was so skeptical, they shared the email with
TechCrunch so we could verify its authenticity
The message checked every suspicious box
In fact, when, we asked two independent security researchers to offer their assessments, each one thought it was a phishing email devised to
steal usernames and passwords.
The fact that there was confusion to begin with shows that even gigantic companies like TriNet — a $3.7
billion corporation — are not doing enough to prevent phishing attacks
Had they proactively employed basic email security techniques, it would have been a lot easier to detect that the email was not in fact a
phish, but a genuine company email.
But this problem isn&t unique to TriNet; it not even unique to big companies.
Last year, security firm
Agari found only 14% of all Fortune 500 companies were using DMARC, a domain security feature that prevents email spoofing and actively
New data supplied by Agari to TechCrunch shows that figure has risen only one percentage point in the last year, bringing it to a meager
15%.
Phishing and impersonation are fundamentally human problems
The aim is to try to trick unsuspecting victims into turning over their usernames, email addresses and passwords to hackers who then log in
In some cases, scammers use an email impersonation scam to trick employees into thinking someone senior in the company needs certain
sensitive files like banking information or employee tax documents.
