The holiday season is boom-time for online commerce. This is a busy time of year for all of us and I find myself thinking ‘wow, I’m so glad I live in the internet era; at least I can indulge my retail addiction in cyberspace rather than elbowing my way through crowds to get at the shiny consumer goods I crave.
‘Black Friday’; ‘Cyber Monday’; it’s impossible not to get caught up in the excitement and give my credit card a walloping. It’s all a lot of fun (especially getting outrageously cool electronic gadgets for the kids x-mas pressies) but… I need to sound a note of caution:
holiday-season is hunting season for email scammers.
While you’re happily browsing the brand-new Amazon listings, stabbing at bargains on eBay and machine-gun-clicking your PayPal button, there are well-organised and determined criminals laying traps and waiting patiently.
Email Isn’t Always What it Seems
Email is our oldest form of online communication (it’s been around since the 70s) and it’s incredibly popular; More than 269 Billion emails are sent around the world every day. it’s amazing really considering how many other options we have. According to an article in Lifewire; the average office worker receives 121 emails a day and 86 % of professionals name email as their favourite mode of communication.
During the holiday season, when e-commerce is boiling over and credit card companies, retailers and couriers are all frantically trying to keep up with customer demand, emails are flying around the internet in record numbers. Cyber Monday is the single most intense day for email and the traffic is growing steadily year after year.
Email is the favourite hunting ground for cybercriminals too. Nine of of 10 cyber-attacks start with an email. Not only is it popular, it is also an old technology and therefore relatively easy to manipulate for dishonest ends. When email was conceived we lived in a less hostile online world; people used to post their home addresses in dating forums and broadcast their webcams to the public willy-nilly. We’re a bit less naive these days about the trustworthiness of our fellow netizens, but the machinery of email hasn’t changed much.
Email is a con-artist's dream because they can easily manipulate the information displayed in messages to make them look like they come from just about anybody.
Here at MailGuard we see new scams pop up every day and most of them are well enough designed to trick the majority of people. Cybercriminals send out messages that look like they come from big companies; brands we trust like Telstra, CommBank and Netflix. They entice us into clicking on an innocent looking link and disclosing our personal data like credit card numbers or downloading cleverly disguised malware.
During the holiday season we see an uptick in the scams that exploit the brands of retailers like Bunnings and Aldi, and parcel delivery companies like DHL or AusPost.
While retailers are keen to cash in on the holiday spending spree, scammers are also aware that when we are in a hurry, running around doing x-mas shopping, we are more vulnerable than ever to their email traps.
MailGuard CEO Craig McDonald recently posted an article addressing the growing problem of ‘brandjacking,’ where criminals leverage well-known names to deceive victims:
‘This approach has a high success rate for cybercriminals. Why? Because it taps into our subconscious. Marketers have known for years how to leverage our subconscious to make us spend; '90% of all purchasing decisions are made subconsciously.' Our happy subconscious clicking - the trust that we place in brands - is putting us all at risk... (Cybercriminals) are masterful marketers, and they've learned how to ride on the back of big brand's trust-building to achieve their goals. Shockingly, more than 90% of internet crime is perpetrated via email. Most people cannot recognise the tell-tale signs of a criminal email and will click on dangerous messages without thinking twice. In fact, 97% of people can't discern phishing emails from the real thing, and of those, nearly 25% will click on dangerous links.’
>> read Craig McDonald’s full article on brandjacking, here.
How to Know if an Email is a Scam
Whenever you get an email that asks you to click on a login link or disclose personal information you should be sceptical.
Be wary of emails from people you don’t know or companies you don’t do business with.
Be suspicious of any email that asks you to view or download files - especially files with these formats:
- .zip
- .js
- .exe
It’s always a good idea to hover your mouse pointer over links in emails and check the domain they’re pointing to. If they look suspicious or unfamiliar don’t open them. The best option is to type the address directly into your web browser if you’re not sure about the link. Similarly, you should check the sender details of emails by clicking on the ‘details’ link in the address header. In the ‘details’ drop down you will be able to see the full email address of the person or company who sent the email. Look closely at the sender address and check for anything odd or inconsistent about the URL or spelling.
Protect Your Inbox
Most people don’t realise how easy it is for cybercriminals to create and send scam emails. Fortunately, MailGuard offers cloud-based email security that detects and eliminates criminal-intent email before it even lands in your inbox.
Stay informed on breaking scam news. Subscribe to MailGuard's free weekly updates by clicking on the button below:
