Case study

29 Jun 2023
8 minutes read

Protecting customers and employees from fraudulent email. Maintaining brand trust and credibility.

“Organizations must ensure they invest effectively to protect against an ever-evolving and expanding threat landscape.”

Meagan Burnett
Chief Operating Officer

Financial service provider in South Africa, focused on investment excellence

275bn

Assets under management

150

Employees

50.12%

M&G plc shareholder

One of South Africa's top 10 largest investment managers

Offices in:

Johannesburg - South Africa
Cape Town - South Africa
Durban - South Africa
Port Elizabeth - South Africa
Windhoek - Namibia

Financial services companies are a favorite target for cybercriminals because they hold vast amounts of personal and financial information and are involved in moving large amounts of money on a daily basis. Protecting themselves, their customers and employees from attacks is a priority to avoid financial and reputational damages.

The clients challenge

Across the financial services sector, businesses, employees and customers are using email as an important communication tool, making email risk high in this sector. Securing and safeguarding email communication is critical for companies so that customer trust and credibility are maintained.

Financial services companies face persistent email threats on a daily basis that are both customer-targeted and employee-targeted attacks. Impersonation, phishing, spoofing and business email compromise are just some of the methods cybercriminals are using, hijacking the name of a brand and/or an employee, to trick the email recipient into sharing information or even making money transfers straight to a criminal.

Organizations must put suitable measures in place to ensure emails using their brand identity are the real thing, and all fake emails never see the light of day. Prudential has a legal, ethical and moral responsibility to protect its significant customer base and employees, from email fraud and their information being compromised.

Prudential turned to Sendmarc to put in place the highest level of protection and safeguarding of the company name, so that email fraudsters could not illegally and illegitimately use it for their own gain. Their priority was for their customers and employees to feel safe that communication purporting to be from Prudential was in fact from them. Trust in communication from Prudential was critical.

Ut eget tempor magna. In suscipit metus sit amet pharetra posuere. Aenean tincidunt, felis at lacinia tempus, est arcu rutrum nisi, eu maximus orci nunc ut justo. Phasellus ultrices vitae dolor sit amet mollis. Nunc vel purus vel libero aliquam sollicitudin nec at sapien.

Integer eleifend ultrices metus sit amet laoreet. Nullam luctus, libero ut luctus vulputate, eros ipsum convallis purus, sit amet vehicula quam justo ac nulla. Integer id risus ac nibh vehicula euismod. Vivamus quis urna id lacus pharetra dignissim. Sed vel lorem sed orci mollis congue vel a sem. Sed vel congue nunc. Donec vel ex nec lacus condimentum malesuada. Sed id purus eros. Vivamus vel odio nec magna convallis malesuada.

Prudential’s requirements

Full protection

Full protection of its customers and employees from being targeted by fraudsters illegitimately using the Prudential name.

Legitimate email

Only legitimate email bearing the Prudential name reaches a customer’s or employee’s inbox.

POPIA compliance

Compliance with POPIA requirements to take every measure to safeguard customer information.

Visibility into email environment

Have visibility into their entire email environment and be able to manage all legitimate and illegitimate emails using the company’s name.

Email delivered as intended

All legitimate outbound email reaches its intended destination.

Business as usual

No disruption to the current email environment, with no user or business impact.

Protected within 90 days

Protected state and highest level of security, i.e. p=reject, within 90 days.

Technical expertise

Provider who understands the technicalities of the entire email application and infrastructure layers.

Holistic perspective

Provider who looks holistically at the environment and can work with other service providers.

What the client had to say about the process:

“Ut eget tempor magna. In suscipit metus sit amet pharetra posuere. Aenean tincidunt, felis at lacinia tempus, est arcu rutrum nisi, eu maximus orci nunc ut justo. Phasellus ultrices vitae dolor sit amet mollis. Nunc vel purus vel libero aliquam sollicitudin nec at sapien.

Name and Surname

Position

Complexities of the Prudential’s environment

Multiple providers of email services
Multiple providers of infrastructure services related to email
No single-point accountability for entire email ecosystem
No single view or reporting of email real estate
Multiple security protocols across infrastructure and application email services
Different standards, protocols and policies applied to inbound and outbound emails

Technical solution

DMARC: Domain-based Messaging Authentication, Reporting and Conformance

Results achieved with Sendmarc solutions

Achieved p=reject within 90 days
Only legitimate emails with Prudential name delivered to an inbox
All illegitimate emails blocked
Email environment monitored and continual refinement as environment grows
Proactively protected against and prevented phishing, impersonation and spoofing attacks
All inbound and outbound email working from all email service providers, with correct configurations
POPIA compliant with highest security and safeguarding levels of customer information
Trust and confidence in Prudential branded email