Black Friday is just as popular with hackers as it is with shoppers. So is Cyber Monday, for that matter.
Fake emails can easily impersonate trusted brands. A company’s failure to protect itself by using email authentication makes it easier for the criminals.
Data collected by Valimail, which works on anti-impersonation technologies, illustrate that as you shop, scammers will send you phishing emails. These are designed to get you to open malware, click on suspicious links, or pick up the phone and call a number established by crooks impersonating your credit card company.
Valimail analyzed data from Thanksgiving 2017 that showed a substantial increase in the number of fake emails sent that week. On Tuesday, November 21, 2017 the number of messages failing authentication increased to four times its normal volume. On Thanksgiving Day the number was seven times greater than normal. On Black Friday the increase was back to four times normal, and on the Saturday after Thanksgiving the rate spiked to twelve times the normal rate of emails failing to authenticate. At their peak, messages failing authentication represented more than half the messages Valimail processed.
A consistent baseline of five percent of Valimail customers’ emails fail authentication because domain owners have not authorized them. The illegitimate email comes from phishers impersonating a domain by using it in the “From” address field of their messages.
Malicious attempts come from all over the world. The United States, Great Britain, Canada and Vietnam are the leading sources of impersonation emails. Mimecast, Proofpoint and Verizon all report that in 2018 impersonation is up.
Companies deploy email authentication standards on domains they own to protect themselves, their brands, and ultimately their customers. Such technical good practices are important, but it’s vital to recognize that truly owning the problem involves an organizational commitment not just to compliance with sound policies, but to regular, interactive, new-school security awareness training as well. Valimail has the story: https://www.valimail.com/blog/black-friday-fake-email/