DMARC for Transportation: How to Stop Email-based Brand Impersonation Attacks

Jan 15, 2020


Editor’s Note: This blog post was originally found on the Agari Email Security blog.

By Armen Najarian

Can an email authentication protocol known as DMARC protect freight and package carriers from brand impersonation attacks targeting their customers?

Stop me if this sounds familiar: Your customers are scrolling through email and come across a message from your company asking for details to straighten out a delivery snafu. They follow the link, update their info, and move on to their next task. But instead of a package, they get a locked hard drive and a ransom demand.

That appears to have been the game plan for scammers who impersonated UPS, DHL, and other brands earlier this year in a wave of ransomware-based email attacks. Cybercriminals know exactly how important trust and reliability are for brands that handle freight and packages. But in the mind of the consumer, guess who gets the blame? If it’s your brand, then you do!

Why Major Carriers Are Top Targets

Thanks to the scale and global reach of its operations, German logistics company DHL regularly ranks among the top 10 most impersonated brands. DHL and UPS were both impersonated earlier this year in a major operation that exploited GoDaddy DNS security issues. The scammers hijacked thousands of vulnerable domains and sent fake UPS shipping notices and DHL invoices to trick recipients into installing ransomware.

The GoDaddy problem appears to be resolved, but criminals keep finding new ways to go after freight and package carriers. In some cases, they simply move their email scam to a new domain.

Timing matters, too. The holiday shopping season is typically a peak time for phishing attacks designed to pilfer personal data from distracted UPS and FedEx customers juggling work, family, and gift buying. The fact that shoppers have six fewer days to make purchases this year only heightens the risk.

With hundreds of millions of packages sent over the holiday season, the odds increase that recipients will open and act upon fraudulent “shipping notification” emails without a second thought.

The Impact on Impersonated Brands

Brand impersonation is one of the most vexing forms of cyberattack companies face today. That’s because in these attacks, the cybercriminal doesn’t need to search for your vulnerabilities — he or she just has to steal your good name. The financial and reputational damage can be precipitous.

When customers get scammed, the impersonated brand can become an instant pariah to consumers, regardless of innocence. Customers may transfer their business to competitors, stop opening the brand’s emails, and share their story with everyone they know. If the attack generates negative headlines and enough social media rants, customers and prospects who haven’t even been swindled may start avoiding the brand out of fear.

Of course, it doesn’t help that the typical corporate response to brand impersonation tends to be pretty flaccid. Relying on victims to report phishing attempts, issuing warnings through the Better Business Bureau and law enforcement agencies, and posting notices about phishing on the brand’s website are all likely to go unseen or ignored. Meanwhile, your brand — and your customers — remain at risk.

A better idea: Prevent brand impersonation attacks from ever reaching their intended victims in the first place. That’s where the DMARC email security protocol comes in.

How DMARC Decks Imposters

Good domain hygiene plays a role in any effort to defend against brand impersonators. We’ve written before about how abandoned domains can expose companies to rising domain pirating and brand impersonation. In fact, orphaned domains were the attack vector for the GoDaddy ransomware exploits earlier this year. That means domain registrations and DNS settings need to be maintained and monitored at all times.

Then there’s Domain-based Message Authentication, Reporting and Conformance (DMARC). Over the last few years, DMARC has emerged as an effective way for companies to prevent fraudsters from impersonating their brands in phishing attacks targeting consumers and businesses.

Specifically, DMARC is an open standard that helps companies ensure that only authorized senders can use their domains to send outbound emails. That includes various business units, third-party business partners, and email distribution platforms such as Marketo and Salesforce.

When properly implemented using automated brand protection solutions that make full use of DMARC, email impersonation attacks are prevented from reaching recipient inboxes. According to a recent study from Forrester Research, new impersonation scams can drop to near zero within weeks.
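How a receiving mail server applies a published DMARC policy, as an added example that is not part of the original post or any Agari product: it shows why a `p=none` record leaves spoofed mail deliverable while `p=reject` does not. The domains and records are constructed, and `org_domain` is a simplification of the Public Suffix List lookup real receivers perform.

```python
# Added example: how a receiver applies a DMARC policy (RFC 7489).
# Domains and records are constructed samples, not taken from the article.

WEAK = "v=DMARC1; p=none; rua=mailto:dmarc@carrier.example"  # monitor only
ENFORCED = "v=DMARC1; p=reject; sp=quarantine; adkim=s"      # enforcing

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict, filling RFC 7489 defaults."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    # "v=DMARC1" must be the first tag and "p" a known policy;
    # this example treats anything else as "no policy published".
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        return None
    if tags.get("p") not in ("none", "quarantine", "reject"):
        return None
    for key, default in (("sp", tags["p"]), ("adkim", "r"), ("aspf", "r")):
        tags.setdefault(key, default)
    return tags

def org_domain(domain):
    """Assumption: last two labels. Real receivers use the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """Strict ("s") needs an exact match; relaxed ("r") the same org domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def disposition(record, from_domain, spf_domain=None, dkim_domain=None):
    """spf_domain / dkim_domain: domains that PASSED SPF / DKIM, or None.
    record: the TXT record at _dmarc.<organizational domain of from_domain>."""
    policy = parse_dmarc(record)
    if policy is None:
        return "no-policy"
    if (aligned(from_domain, spf_domain, policy["aspf"])
            or aligned(from_domain, dkim_domain, policy["adkim"])):
        return "pass"
    # The From: domain is unauthenticated: apply "sp" to subdomains, else "p".
    is_subdomain = from_domain.lower() != org_domain(from_domain)
    return "fail:" + policy["sp" if is_subdomain else "p"]
```

A `fail:none` result means the receiver only reports the message and still delivers it, which is why a domain left at `p=none` remains spoofable.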

But don’t think cybercriminals will give up easily — your brand name is just too valuable. Once they realize they’ve been blocked from pirating or spoofing your domains, cybercriminals are likely to just keep registering new lookalike or cousin domains to maintain the tidy little profit center they’ve built with your hard-earned brand equity.

Keeping up with these fraudulent new lookalike domains will require constant monitoring and lightning-fast response to take down phishing sites as soon as they’re detected. This holiday season, the number of phishing URLs is more than double what they were at the end of last year.

Protecting Brands Against Impersonation

Make no mistake. A proactive approach to reducing or eliminating brand impersonation attacks requires all three of the elements discussed in this post — timely domain maintenance, proper DMARC implementation, and the rapid detection and takedown of new phishing domains.

With brand impersonations up 14X in recent years, there’s another reason carriers might want to make stepping up brand protection efforts their New Year’s resolution. As organizations in this sector adopt DMARC, those that remain unprotected are likely to become bigger targets in a steadily shrinking pond of vulnerable targets.

Those that do safeguard their domains and eliminate brand impersonations will no doubt stand a better chance at maintaining the loyalty and trust they’ve earned, avoiding negative publicity, and keeping on point for their mission of delivering for their customers.

To learn more about DMARC and best practices for preventing phishing-based brand impersonation, download a free copy of the Q4 2019 Email Fraud and Identity Deception Trends report from Agari.



