To protect customers from "fake Domino's phishing attacks," Domino's Pizza Enterprises has deployed Domain-based Message Authentication, Reporting, and Conformance (DMARC).
Back in early 2020, the quick-service restaurant (QSR) operator stated its security team reviewed "all-important email domains used by the firm and third-party partners to determine how email was being handled."
“This was then monitored, before progressing to ensure only external systems with approval from Domino’s could send emails on our behalf.”
The DMARC deployment was finished in March 2021, according to Domino's Pizza Enterprises, “protecting and verifying more than 51 email domains and more than 144 million emails per month.”
“The project protects not only our customers and the public, but also the Domino’s brand, and increases the likelihood genuine Domino’s emails will be delivered,” the company said.
“It's important that when a customer receives an email purporting to be from Domino's, it's sent by our teams, not by someone posing as Domino's - a major problem in the online retail world.”
The DMARC project was part of a larger set of security initiatives undertaken by Domino's over the past year, some of which are still ongoing.
In the financial year just gone, Domino’s said it conducted “data mapping exercises” across the group to improve security and governance protections for sensitive data.
The company also made sure that administrative accounts and “those that have access to large volumes of data” had multi-factor authentication enabled.
It also started work on a business continuity planning and disaster recovery programme aimed at “identifying those systems, services, and data that are critical to the running of our company and work, as well as a risk mitigation programme for any risks that may occur.”
On top of protecting outbound emails, Domino’s said “more than 10 million online ordering customer accounts were protected this year from account takeover attacks”.
It also said it processed 60 million security ‘insights’ every day, “generated from more than 26 different systems and services that we log and monitor.”
It added that machine learning is used to triage these event notifications to aid its security operations team.
Published by Pintu Bhatt