Email Security Blog

It’s the Most Wonderful Time of the Year… for Cybercriminals

Mike Jones November 30, 2021 Brand Protection, Business Email Compromise, Cybercrime, Email Security, Phishing
Woman-shopping on cell phone

The holiday season is upon us, which means it’s also the busiest time of the year for online shopping. There’s Black Friday, Cyber Monday, and gifts to buy for loved ones. Plus, gifts to buy for yourself when the deals are this good! But beware, for cybercriminals ‘tis also the season to scam millions of dollars from unsuspecting people and companies. They’re banking on people being in a rush and distracted during this hectic season, and therefore more likely to fall victim to a scam, which allows them to cash in. Sounds a lot like the Grinch, doesn’t it?

People need to be extra vigilant and watch out for email scams such as Phishing. These emails can make it past most security controls, because they appear to be coming from a trusted source; someone you know, a brand you trust or even someone from your company’s HR team or president.

Here’s a common scenario. You get an email from the sporting supply company you have purchased from several times in the past. But look carefully, is it really coming from that well-known brand? Before you click on that link with that great savings offer…

Look Carefully

Check the body of the email and the sender information to look for misspellings. Is the email from Amazoni, not Amazon? Hover over any links to see if the URL is correct. Clicking on that offer link may be all it takes to grant a grinch access to personal or business data. If an email receiver does click on the link, it could be an imposter website created by a scammer imitating a trusted brand’s website domain. If a site doesn’t use two-factor authentication (sending a code via email or text before supplying personal or payment information), anyone can be misled to update or confirm username, password, credit card, etc. Bam!

It’s not just individuals who are at risk. Businesses often suffer insurmountable losses in brand trust, credibility, email deliverability as well as millions of dollars of revenue from both fraudulent and legitimate purchases. If people fall prey to someone who has impersonated a brand, that business suffers, because every real email they send may now not be trusted. Plus, loyal or new customers might not feel safe coming to the legitimate website to make a purchase.

In email spoofing attacks, the sender display and domain names can look like they come from legitimate brands. To prevent this, businesses can implement DMARC authentication so that when an email is received, the server checks to ensure the sender is authorized to send emails on that brand’s behalf. To get around this, attackers will also spoof using lookalike domains (Amazoni.com).

Employees need to think carefully before responding to emails. Would the CFO really want you to send them gift cards? Of course not, but would a trusted supplier change their bank account details? Perhaps. Suspicious emails should be reported to your security operations team immediately so they can be verified and if found to be a scam, other employees can be warned.

 How Else Can Businesses Protect Their Email Inboxes?

Security awareness training and processes will help stay one step ahead of modern-day grinches. As will email security solutions that use data science to inspect every incoming email message for authenticity. Based upon machine learning of typical behaviors and known senders, messages that can’t be trusted don’t make it to employee inboxes and ones that do are removed.

Having safety measures in place will keep everyone in good cheer and save businesses and personal holiday budgets from falling victim to a big “Bah! Humbug!” this holiday season.

Agari Blog Image

December 16, 2021 John Wilson

Common Phishing Email Attacks | Examples & Descriptions

What does a phishing email look like? We've compiled phishing email examples to help show…

Agari Blog Image

December 8, 2021 John Wilson

What Is Email Phishing? [How to Protect Your Enterprise]

Phishing emails can steal sensitive data and cost companies' reputation. However, protecting a company from…

Envelope with skull and cross-bones

December 1, 2021 John Wilson

Identifying and Mitigating Email Threats

Email  threats are ever evolving, and it’s important to stay up to date. Here are…

laptop with envelope and security badge-secure email

November 24, 2021 John Wilson

TLS for Email: What is it & How to Check if an Email Uses it

Transport Layer Security (TLS) is encryption to secure email messages between sender and receiver to…

Laptop with multiple paddle locks with key holes

November 11, 2021 John Wilson

SMTPS: How to Secure SMTP with SSL/TLS (Which Port to Use)

We’re going to go over what SMTP is, whether it’s truly secure enough (or if…

mobile image