The holidays are fast approaching, and with customers getting ready for the biggest sales of the year on Black Friday (the 26th of November), cybercriminals, who have been perfecting their social engineering techniques, are also gearing up to wreak havoc.
It’s prime time for scammers and their scams, particularly of the phishing kind. Something like 3.4 billion phishing emails are sent out every day, and phishing scams account for half of all fraud attacks. According to the Australian Retailers Association and Roy Morgan, Australians alone are predicted to spend over $58 billion on pre-Christmas shopping – an increase of around 11% on 2019 pre-pandemic spending. Black Friday sales and Cyber Monday brought in almost $10.8 billion in 2020. These figures combined are staggering and pose a very real warning to consumers and businesses alike to remain extra vigilant when it comes to online shopping and clicking on any links in emails, which could just be phishing attacks designed to steal your credentials for costly criminal activity.
At MailGuard, we know all too well the consequences of phishing scams, as you, our partners, no doubt do too. We intercept thousands of emails every day to protect businesses from the disastrous effects of employees or customers clicking on a link that could have devastating consequences. Identity theft, financial loss, reputational damage, ransomware encryption, and the shutting down of your business operations are just a few of the implications. One click is all that it takes. The repercussions could last several months or even years, or in the worst of cases, they can mean the end for a business. Scammers are only getting more sophisticated, with phishing, spear-phishing and BEC scams escalating over the last few years.
We only need to look as far as a recent scam we intercepted, in which cybercriminals purporting to be Telstra threatened to cut off crucial internet and phone services if a bill was not paid on time. It played on the recipients’ need for access to critical services. The same goes for fake Netflix account suspension emails, which lure victims into handing over their credit card details or clicking on a link to supposedly ‘re-activate their membership’. Particularly when living in a lockdown, these services are essential for many, and cybercriminals know this.
Spotting a Phishing Scam This Black Friday (and always)
So, getting into the holiday season, where emotions generally run high, and customers are bombarded with various promotions and sales, it’s no surprise that cybercriminals come out to play. However, being armed with knowledge about how phishing scams work and how to spot them is crucial and will hopefully help in protecting your customers from any nasty scams this holiday period.
Here are some tips you can share with customers and their teams as a reminder of some of the ways they can spot a phishing scam this holiday season:
- If the email asks you to confirm personal information, be wary. Scammers have become more sophisticated in mimicking trusted names in their branding to try and lure unsuspecting victims into believing that the email is legitimate. However, if an email makes requests that are not aligned to previous authentic communications from the company or business, it could very well be a phishing attempt.
- A strange-looking web and email address. We see this a lot with the scams that we intercept here at MailGuard: scammers often use the name of the company within the structure of the email or in domain addresses to throw off time-poor and innocent victims who may quickly scan the email. It’s crucial to take the time to examine the email, the email address, and the web address to see if it matches up to the real company address or website.
- Poor grammar and unprofessional language. Although scammers try to throw off recipients by including detailed branding elements, they often forget to fix the language and grammar presented in emails. Remember, most companies or businesses employ professional writers and have their content checked and reviewed before publishing or sending it out to the wider community.
- Look out for Parcel Delivery Scams. The upsurge of online shopping and the reliance on parcel delivery services such as DHL Express or Australia Post has resulted in nasty parcel delivery scams, often claiming that you will need to pay a small fee in order to receive your package or click on a link to confirm delivery of your items.
- Look out for fake websites promoting attractive sales. Especially around this time of year, hackers are spoofing large retailers like Amazon, Walmart, and others with a surge of email messages and texts aiming to secure credit card and personal information. If you receive any emails asking you to update your payment info or submit personal information, this is a warning sign. Be sure to call the company in question to make sure. Most scams of this type are designed to incorporate a legitimate landing page into the mix to trick victims, so be sure to check for spelling mistakes, poor grammar, generic terms of address, warnings to take immediate action, promises of refunds or other freebies, and errors in the subject line or body of the email.
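The "strange-looking web and email address" tip above can be automated as a first-pass check on the From header. The following is an added example, not MailGuard's code: the brand allow-list, the digit-swap table and all sample senders are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list: brand keyword -> domains the brand really sends from.
# In practice this is maintained per organisation.
BRANDS = {
    "telstra": {"telstra.com", "telstra.com.au"},
    "netflix": {"netflix.com"},
}

# Digit-for-letter swaps used to imitate a brand name (0->o, 1->l, 3->e, 5->s).
LOOKALIKES = str.maketrans("0135", "oles")


def is_official(domain, official):
    """True if domain is an official domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in official)


def classify_sender(from_header):
    """Return (verdict, brand) for the value of a From header."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("unparseable", None)
    local, _, domain = addr.lower().rpartition("@")
    norm_domain = domain.translate(LOOKALIKES)
    for brand, official in BRANDS.items():
        if is_official(domain, official):
            return ("official", brand)
        # Brand name embedded in a domain the brand does not own.
        if brand in norm_domain:
            return ("brand-in-domain", brand)
        # Brand only in the display name or mailbox part, unrelated domain.
        if brand in display.lower() or brand in local.translate(LOOKALIKES):
            return ("brand-in-name-only", brand)
    return ("no-brand", None)


if __name__ == "__main__":
    # Constructed sample senders.
    for sender in (
        "Telstra <noreply@online.telstra.com.au>",
        "Telstra Billing <accounts@telstra-billing.example>",
        "Telstra <bill@telstra.com.au.pay-now.example>",
        "Netflix <support@netf1ix-account.example>",
        "Telstra Accounts <billing@mail-service.example>",
    ):
        print(classify_sender(sender), sender)
```

Only the first sample is classified as official; the rest show the company name placed in the display name, a hyphenated domain, or a subdomain label of an unrelated domain, which is what a quick visual scan tends to miss.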
Keeping businesses protected
Prevention is always better than a cure, and the best defence is to encourage businesses to proactively boost their company’s cyber resilience levels to avoid threats landing in inboxes in the first place. The fact that a staggering 94% of malware attacks are delivered by email makes email an extremely important vector for businesses to fortify.
No one vendor can stop all threats, so it’s crucial to remind customers that if they are using Microsoft 365 or G Suite, they should also have a third-party email security specialist in place to mitigate their risk, for example a third-party cloud email solution like MailGuard.
Talk to us
MailGuard's partner blog is a forum to share information and we want it to be an open dialogue. Reach out to us and tell us how we can serve you better. You can connect with us on social media or call us and speak to one of our consultants.
Australian partners, please call us on 1300 30 65 10
US partners call 1888 848 282 2
UK partners call 0 800 404 8993