Search Close
Email Security Blog

Ebay data breach & the next wave of phishing attacks

Agari May 22nd, 2014 Cybercrime, DMARC
Fallback Featured Image

Today Ebay is sending out emails to its users, informing them of their most recent data breach, and recommending users change their passwords. Simultaneously, cybercriminals will be sending out eerily similar-looking emails, swapping out the original urls with malicious links.  What is a consumer to do when the same channel that companies rely on to communicate vital information, is the same one the cybercriminals are exploiting?

We can hope that people are internet-savvy enough to know better than to click on a password reset button in an email, but the fact is: people are busy. Like, really busy. Like, texting your boss while eating lunch on a conference call busy. So, when an email alert comes through, either from ebay itself, or from a criminal spoofing an ebay domain, how does the average consumer react?

A security professional will go straight to the source and reset their password without clicking on a link – maybe they will even check out the header data just for fun to see who the email is actually coming from. But the average user? They will click. They will put in their PI (Personal Information). They will hand over all of their data to a criminal who will then use it and sell it off after they are done.

This cycle happens after every data breach and customers are left to change their passwords and their credit card numbers, only to be hit again by the next data breach of a major retailer. Wouldn’t it be great to have a way to break this cycle of consumer abuse?  Stop the cycle of consumer abuse and protect your communications to your customers by implementing DMARC.  Agari has many free tools to get you started and if you need more assistance, we are here to help.

Leave a Reply

Your email will not be published. All fields are required.

December 6, 2018 Crane Hassold

How an Elite Counterintelligence Team Investigates BEC Scams Worldwide

November 28, 2018 Crane Hassold

Why Just Play Defense Against Cybercriminals When You Can Do So Much More?

October 16, 2018 Fareed Bukhari

One Year Later: Federal Mandate for Email Authentication Huge Success

October 16, 2018 Patrick Peterson

DMARC: A 12-Month Triumph for DHS—and the Nation

August 10, 2018 Patrick Peterson

Half of Federal Agencies Racing to Meet DMARC Active Enforcement Deadline

mobile image