Apple will add another barrier to successful phishing attacks in iOS 16, iPadOS 16, and macOS Ventura, which will display a company’s official logo to help recipients tell real emails from fake ones.
Brand indicator for message identification
Apple’s upcoming operating systems will support Brand Indicators for Message Identification (BIMI). BIMI is a specification that enables the use of brand-controlled logos in email and gives the recipient a way to know that an email actually came from the company concerned. Google has supported BIMI since 2021.
BIMI requires that companies authenticate their emails using DMARC. As described in more detail in a March 2015 document by the IETF, DMARC helps mail administrators prevent hackers and other attackers from spoofing their organizations and domains.
The feature will not provide complete peace of mind.
- Not every company will be certified (although if you want to start using the system in your company, the BIMI website is a good place to start).
- Many small companies will probably never be certified, and it is possible that the system itself may be abused over time, since those who create these attacks are always inventive.
- The feature also requires email client support, which will not be available until the next iteration of Apple’s operating systems.
What BIMI provides
But what BIMI provides is a visual way to assess trust when receiving a message, helping us to protect against phishing and ransomware exploits.
This is important in more than one sense: we have all received malware-laden emails disguised as messages from big brands.
This can help protect enterprise communications by making successful phishing and targeted attacks against companies or supply chain partners harder.
It’s especially important given that ransomware attackers are currently targeting smaller companies because larger companies are better protected, and that manufacturing companies often rely on older security practices. That’s why the U.S. Cybersecurity and Infrastructure Security Agency recently designated manufacturing as one of the most important sectors in the United States that requires better security.
The main use is B2C marketing, of course. Marketers will make extensive use of BIMI as they try to persuade customers to open email marketing campaigns.
The magic of combining a trusted brand with relevant content will be essential for success. It is worth noting that a recent study suggests that consumers are more likely to open emails that display a logo next to the email, and that such branding improves brand recognition over time.
How it works
BIMI allows brands to verify the authenticity of the emails they send. Once verified, the system can display the company logo in a relevant location within a supporting email client. A BIMI record is a text file stored on the sender’s server that ISPs handling end-user traffic can then verify for authenticity.
This integration between BIMI, DMARC, and the email client makes it hard for spammers to get their spoofed logos displayed in the same place. The effect is that customers can see whether an email is genuine and delete an offending message without opening it, further reducing the risk of accidentally running malicious code.
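As an added example (not from the original article), the Python sketch below checks whether a domain's DMARC and BIMI records look ready for logo display. Both are published as DNS TXT entries, at `_dmarc.<domain>` and `default._bimi.<domain>`. The sample records for example.com are constructed, and the enforcement thresholds (`p=quarantine` or `p=reject`, `pct=100`) are this example's reading of BIMI's DMARC requirement, which the article states only in general terms.

```python
"""Added example: check whether a domain's DNS TXT records look BIMI-ready."""
from urllib.parse import urlparse


def parse_tags(record):
    """Split a 'tag=value; tag=value' TXT record into a dict keyed by lower-cased tag."""
    tags = {}
    for part in record.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags


def bimi_readiness(dmarc_txt, bimi_txt):
    """Return a list of problems; an empty list means the records look BIMI-ready."""
    problems = []
    dmarc = parse_tags(dmarc_txt or "")
    if dmarc.get("v") != "DMARC1":
        problems.append("no valid DMARC record")
    else:
        # Assumption: BIMI needs DMARC at enforcement, not monitoring-only (p=none).
        if dmarc.get("p", "").lower() not in ("quarantine", "reject"):
            problems.append("DMARC policy is not at enforcement")
        # pct defaults to 100 when the tag is absent.
        if dmarc.get("pct", "100") != "100":
            problems.append("DMARC pct is below 100")
    bimi = parse_tags(bimi_txt or "")
    if bimi.get("v") != "BIMI1":
        problems.append("no valid BIMI record")
    else:
        logo = urlparse(bimi.get("l", ""))
        if logo.scheme != "https" or not logo.path.lower().endswith(".svg"):
            problems.append("logo (l=) must be an HTTPS URL to an SVG file")
        if not bimi.get("a"):
            problems.append("no certificate (a=) published; some clients require one")
    return problems


# Constructed sample records for the placeholder domain example.com.
GOOD_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
GOOD_BIMI = "v=BIMI1; l=https://example.com/brand/logo.svg; a=https://example.com/brand/vmc.pem"
WEAK_DMARC = "v=DMARC1; p=none; pct=50"
WEAK_BIMI = "v=BIMI1; l=http://example.com/logo.png"

if __name__ == "__main__":
    print(bimi_readiness(GOOD_DMARC, GOOD_BIMI))
    print(bimi_readiness(WEAK_DMARC, WEAK_BIMI))
```

In practice the two input strings would come from TXT lookups for the sending domain; the function only evaluates the record text it is given.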
Securing the Internet
Apple’s decision to support BIMI in Mail recognizes an industry standard. Google, Yahoo! Mail, AOL, Verizon and Microsoft all support it. Apple’s addition means the standard has gained critical mass.
This is not the only attempt to lock down the Internet experience in Apple’s next OS update. The decision to standardize the CAPTCHA option will reduce friction online (and help protect the user’s IP address). Its support for next-generation authentication in the form of Passkeys will be seen as a major step towards replacing password protection with more effective biometric account and service security. Apple continues to invest in privacy, with better protection against cross-site scripting along the way and improved endpoint security on the horizon with the advent of declarative device management on the Mac.
Copyright © 2022 IDG Communications, Inc.