Apple will add another obstacle to successful phishing attacks in iOS 16, iPadOS 16, and macOS Ventura, which will display a company’s official logo to help recipients distinguish genuine emails from fake ones.
Brand Indicators for Message Identification
Apple’s future operating systems will support Brand Indicators for Message Identification (BIMI). This is a specification to allow for the use of branded logos in emails and will be a way of telling recipients that an email is really from that company. Google has been supporting BIMI since 2021.
BIMI requires companies to verify their email with DMARC. Described in more detail by the IETF in a March 2015 document, DMARC helps email administrators prevent hackers and other attackers from spoofing their organization and domain.
The feature does not provide complete peace of mind.
- Not every company will be certified (but if you want to start using the system in your company, the BIMI website is a good place to start).
- Many smaller companies will probably never get certified, and it’s possible that the system itself will be abused over time – those who set up these attacks are always inventive.
- The feature also requires email client support, which will not appear until Apple releases the next iterations of its operating systems.
What BIMI offers
But what BIMI does provide is a visual way to assess trust when receiving a message, and it helps protect us from phishing and ransomware exploits by making it much more difficult for criminals to mimic brand names in emails.
That’s important in the pluralistic sense: we’ve all received attempts at malware infection buried in emails purportedly from major brands.
It can also help protect corporate communications by making it more challenging to successfully launch phishing and targeted attempts against companies or supply chain partners.
This is especially important because ransomware attackers are currently targeting smaller companies because larger entities offer better protection – and because manufacturing companies often rely on outdated security practices. That is why the relatively recent US Cybersecurity & Infrastructure Security Agency has identified manufacturing as one of the critical US industries in need of better security.
Its main use is, of course, B2C marketing. Marketers will make extensive use of BIMI when trying to convince customers to open email marketing campaigns.
The magic marketing sauce of combining a trusted brand with relevant content remains essential to success. It’s worth noting a recent study that suggests that consumers are more likely to open emails with a logo next to the email, and that this type of branding also improves brand recognition over time.
How it works
BIMI allows brands to verify the authenticity of emails they send. After verification, the system can display the company logo in a relevant position within a supporting email client. BIMI is a text file stored on the sender’s server that ISPs handling end-user traffic can then verify for authenticity.
That integration between BIMI, DMARC and the email client makes it challenging for spammers to figure out how to display their spoof logo in the same place. The effect is that customers can see if an email is genuine and delete others without opening the offending message, further reducing the risk of accidentally executing malicious code.
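The dependency between BIMI and DMARC described above can be checked from the two records a domain publishes, which in practice are DNS TXT records at `default._bimi.<domain>` and `_dmarc.<domain>`. The sketch below is an added example, not code from the article or from the BIMI project. The domains and record strings are constructed samples, and the rule that the DMARC policy must be `quarantine` or `reject` and cover all mail (`pct=100`) is an assumption about how receivers gate logo display.

```python
# Added example: offline BIMI eligibility check. All records below are constructed.

def parse_tags(record: str) -> dict:
    """Split a 'tag=value; tag=value' TXT record into a lowercase-keyed dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def bimi_problems(dmarc_txt: str, bimi_txt: str) -> list:
    """Return reasons a logo should not be shown; an empty list means eligible."""
    problems = []
    dmarc, bimi = parse_tags(dmarc_txt), parse_tags(bimi_txt)
    if dmarc.get("v") != "DMARC1":
        problems.append("no valid DMARC record")
    else:
        policy = dmarc.get("p", "").lower()
        if policy not in ("quarantine", "reject"):
            problems.append(f"DMARC policy is '{policy or 'missing'}', not enforced")
        # Assumption: the policy must apply to all mail. pct defaults to 100
        # when the tag is absent.
        pct = dmarc.get("pct", "100")
        if not pct.isdigit() or int(pct) != 100:
            problems.append(f"DMARC pct={pct}, policy not applied to all mail")
    if bimi.get("v") != "BIMI1":
        problems.append("no valid BIMI record")
    else:
        logo = bimi.get("l", "").lower()
        if not logo.startswith("https://"):
            problems.append("logo location (l=) is not an HTTPS URL")
        elif not logo.endswith(".svg"):
            problems.append("logo location (l=) is not an SVG file")
    return problems

# Constructed sample records: (DMARC TXT, BIMI TXT) per hypothetical domain.
SAMPLES = {
    "enforced.example": ("v=DMARC1; p=reject; rua=mailto:dmarc@enforced.example",
                         "v=BIMI1; l=https://enforced.example/logo.svg"),
    "monitoring.example": ("v=DMARC1; p=none",
                           "v=BIMI1; l=https://monitoring.example/logo.svg"),
    "partial.example": ("v=DMARC1; p=quarantine; pct=50",
                        "v=BIMI1; l=http://partial.example/logo.png"),
}

if __name__ == "__main__":
    for domain, (dmarc_txt, bimi_txt) in SAMPLES.items():
        print(domain, bimi_problems(dmarc_txt, bimi_txt) or "eligible")
```

A domain that publishes a BIMI record while its DMARC policy is still `p=none` fails this check, which is the case an administrator most often needs to catch before expecting a logo to appear.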
Securing the Internet
Apple’s decision to support BIMI in Mail reflects the industry’s acceptance of the standard. Google, Yahoo! Mail, AOL, Verizon, and Microsoft all support it. With the addition of Apple, the standard has reached critical mass.
This isn’t the only attempt to secure the internet experience taking place on Apple’s platforms in the next OS updates. The decision to standardize an alternative to CAPTCHA will reduce online friction (and help protect users’ IP addresses). Support for next-generation passkey authentication will be seen as an important step toward replacing password protection with more effective biometric account/service security. Apple continues to invest in privacy, with better protection against cross-site scripting on the way and improvements in endpoint security also on the horizon as declarative device management comes to the Mac.
Copyright © 2022 IDG Communications, Inc.