Email Security Blog

Ebay data breach & the next wave of phishing attacks

Agari May 22, 2014 Cybercrime, DMARC
Fallback Featured Image

Today Ebay is sending out emails to its users, informing them of their most recent data breach, and recommending users change their passwords. Simultaneously, cybercriminals will be sending out eerily similar-looking emails, swapping out the original urls with malicious links.  What is a consumer to do when the same channel that companies rely on to communicate vital information, is the same one the cybercriminals are exploiting?

We can hope that people are internet-savvy enough to know better than to click on a password reset button in an email, but the fact is: people are busy. Like, really busy. Like, texting your boss while eating lunch on a conference call busy. So, when an email alert comes through, either from ebay itself, or from a criminal spoofing an ebay domain, how does the average consumer react?

A security professional will go straight to the source and reset their password without clicking on a link – maybe they will even check out the header data just for fun to see who the email is actually coming from. But the average user? They will click. They will put in their PI (Personal Information). They will hand over all of their data to a criminal who will then use it and sell it off after they are done.

This cycle happens after every data breach and customers are left to change their passwords and their credit card numbers, only to be hit again by the next data breach of a major retailer. Wouldn’t it be great to have a way to break this cycle of consumer abuse?  Stop the cycle of consumer abuse and protect your communications to your customers by implementing DMARC.  Agari has many free tools to get you started and if you need more assistance, we are here to help.

Leave a Reply

Your email will not be published. All fields are required.

Agari Blog Image

July 10, 2019 Ronnie Tokazowski

‘Til Death Do Us Part… Romance Scams and the BEC Game

When we think of business email compromise (BEC), the first thing that comes to mind…

Agari Blog Image

June 26, 2019 Armen Najarian

Ticket to Fraud: Airline Industry Sees Increased Consumer Phishing Scams

For many, there are few things more satisfying than receiving an email confirmation for a…

Agari Blog Image

June 13, 2019 Fareed Bukhari

DMARC Adoption Worldwide Slows with Australia's ASX 100 Remaining Most Vulnerable

DMARC adoption rose a tepid 1% in the first quarter of the year, with the…

Agari Blog Image

June 5, 2019 Crane Hassold

From One to Many: Scattered Canary Evolves from One-Man Startup to BEC Enterprise

There is no denying that business email compromise (BEC) is big business, with losses exceeding…

Agari Blog Image

May 23, 2019 Suela Vahdat

DMARC Remains Elusive with 86% of gov.uk Domains Open to Impersonation

More than three-quarters of UK government organisations haven't yet adopted Domain-based Message Authentication and Reporting…

mobile image