Email Security Blog

Ebay data breach & the next wave of phishing attacks

Agari May 22, 2014 Cybercrime, DMARC
Fallback Featured Image

Today Ebay is sending out emails to its users, informing them of their most recent data breach, and recommending users change their passwords. Simultaneously, cybercriminals will be sending out eerily similar-looking emails, swapping out the original urls with malicious links.  What is a consumer to do when the same channel that companies rely on to communicate vital information, is the same one the cybercriminals are exploiting?

We can hope that people are internet-savvy enough to know better than to click on a password reset button in an email, but the fact is: people are busy. Like, really busy. Like, texting your boss while eating lunch on a conference call busy. So, when an email alert comes through, either from ebay itself, or from a criminal spoofing an ebay domain, how does the average consumer react?

A security professional will go straight to the source and reset their password without clicking on a link – maybe they will even check out the header data just for fun to see who the email is actually coming from. But the average user? They will click. They will put in their PI (Personal Information). They will hand over all of their data to a criminal who will then use it and sell it off after they are done.

This cycle happens after every data breach and customers are left to change their passwords and their credit card numbers, only to be hit again by the next data breach of a major retailer. Wouldn’t it be great to have a way to break this cycle of consumer abuse?  Stop the cycle of consumer abuse and protect your communications to your customers by implementing DMARC.  Agari has many free tools to get you started and if you need more assistance, we are here to help.

Leave a Reply

Your email will not be published. All fields are required.

Agari Blog Image

April 18, 2019 Ronnie Tokazowski

Do You Know Where Your W-2 Is? Probably Where You Left It

It’s like clockwork. Every year around tax time security vendors (even us!) push out warnings…

Agari Blog Image

April 17, 2019 Fareed Bukhari

The Time is Now: Underscoring the Importance of DMARC for State and Local Governments

Scammers know that impersonating a trusted government agency is an extremely effective way to trick…

Agari Blog Image

April 4, 2019 Crane Hassold

Evolving Tactics: London Blue Starts Spoofing Target Domains

In December, the Agari Cyber Intelligence Division (ACID) published a report on a business email…

Agari Blog Image

March 27, 2019 Ronnie Tokazowski

Why iTunes? A Look into Gift Cards as an Emerging BEC Cash Out Method

One of the trends that has been slowly creeping up across the BEC threat landscape…

Checking Email on Phone

March 19, 2019 James Linton

BEC Goes Mobile as Cybercriminals Turn to SMS

Business email compromise (BEC) is a term that encompasses a variety of techniques and tactics…

mobile image