Email Security Blog

Ebay data breach & the next wave of phishing attacks

Agari May 22, 2014 Cybercrime, DMARC
Fallback Featured Image

Today Ebay is sending out emails to its users, informing them of their most recent data breach, and recommending users change their passwords. Simultaneously, cybercriminals will be sending out eerily similar-looking emails, swapping out the original urls with malicious links.  What is a consumer to do when the same channel that companies rely on to communicate vital information, is the same one the cybercriminals are exploiting?

We can hope that people are internet-savvy enough to know better than to click on a password reset button in an email, but the fact is: people are busy. Like, really busy. Like, texting your boss while eating lunch on a conference call busy. So, when an email alert comes through, either from ebay itself, or from a criminal spoofing an ebay domain, how does the average consumer react?

A security professional will go straight to the source and reset their password without clicking on a link – maybe they will even check out the header data just for fun to see who the email is actually coming from. But the average user? They will click. They will put in their PI (Personal Information). They will hand over all of their data to a criminal who will then use it and sell it off after they are done.

This cycle happens after every data breach and customers are left to change their passwords and their credit card numbers, only to be hit again by the next data breach of a major retailer. Wouldn’t it be great to have a way to break this cycle of consumer abuse?  Stop the cycle of consumer abuse and protect your communications to your customers by implementing DMARC.  Agari has many free tools to get you started and if you need more assistance, we are here to help.

Leave a Reply

Your email will not be published. All fields are required.

February 19, 2019 Fareed Bukhari

DMARC Adoption Up, But 85% of Fortune 500 Remains Vulnerable to Brand Hijacking

February 14, 2019 Crane Hassold

Scarlet Widow Breaks Hearts and Empties Wallets via Romance Scam Operations

February 5, 2019 Ronnie Tokazowski

BEC Actors Exploiting Gmail “Dot Accounts” for Fun and Profit

December 6, 2018 Crane Hassold

How an Elite Counterintelligence Team Investigates BEC Scams Worldwide

November 28, 2018 Crane Hassold

Why Just Play Defense Against Cybercriminals When You Can Do So Much More?

mobile image