Today Ebay is sending out emails to its users, informing them of their most recent data breach, and recommending users change their passwords. Simultaneously, cybercriminals will be sending out eerily similar-looking emails, swapping out the original urls with malicious links. What is a consumer to do when the same channel that companies rely on to communicate vital information, is the same one the cybercriminals are exploiting?
We can hope that people are internet-savvy enough to know better than to click on a password reset button in an email, but the fact is: people are busy. Like, really busy. Like, texting your boss while eating lunch on a conference call busy. So, when an email alert comes through, either from ebay itself, or from a criminal spoofing an ebay domain, how does the average consumer react?
A security professional will go straight to the source and reset their password without clicking on a link – maybe they will even check out the header data just for fun to see who the email is actually coming from. But the average user? They will click. They will put in their PI (Personal Information). They will hand over all of their data to a criminal who will then use it and sell it off after they are done.
This cycle happens after every data breach and customers are left to change their passwords and their credit card numbers, only to be hit again by the next data breach of a major retailer. Wouldn’t it be great to have a way to break this cycle of consumer abuse? Stop the cycle of consumer abuse and protect your communications to your customers by implementing DMARC. Agari has many free tools to get you started and if you need more assistance, we are here to help.