They Should Call Black Friday Phish Friday
Quick Answer
Phishing volume rises sharply around Black Friday and Cyber Monday because attackers exploit the surge in legitimate retail email. Global Security Mag reported a 400% increase in pre-holiday phishing aimed at well-known online shopping sites in 2019. The dominant tactic: clone a real retailer's site, drive traffic to it via spoofed promotional emails, and capture credit card details at checkout. McAfee research found 37% of US shoppers do not check sender addresses or retailer URLs for authenticity, which is what makes the campaigns profitable. Defenses for individuals: type retailer URLs directly rather than clicking email links, look for the padlock plus the actual domain (not a lookalike), use a credit card with strong fraud protection rather than a debit card. Defenses for retailers: deploy DMARC at p=reject on every sending domain so attackers cannot spoof your brand back at your customers.
It’s the most wonderful time of the year…for hackers. And while all indications are that hackers are actually getting started early this year with phishing emails, you can expect Black Friday and Cyber Monday to be the main events.
According to Global Security Mag, “Black Friday and Cyber Monday marks the traditional start to the holiday shopping season. Yet, with 39% of shoppers starting before then, cybercriminals have kicked off the season early too.” Their research indicates a 400% increase in pre-holiday phishing activity specifically targeted at “well-known online shopping sites.”
These holiday phishing attacks are about one thing: getting your credit card number. The scammers start by putting up a replica of a legitimate site. Then, from WJLA, “once you enter your credit card information into one of these fake shopping sites, the scammers win.”
You’d think by now everybody would be onto these scams, but they’re not. According to research conducted by McAfee, “37% of American respondents admit that they don’t check an email sender or retailer’s website for authenticity.”
The result of this reckless behavior? “74% of respondents admitted to losing more than $100 to these scams, while 30% lost more than $500.“
One of the newer ploys these scammers use is phony gift cards. And unfortunately, it’s effective too. “The survey found that only 43% of respondents are aware of fake gift cards as a threat.”
Two things are clear. The scammers are coming this holiday season and most people either don’t know about it or don’t care. And the crazy thing is, that same $100 that 74% of respondents lost to a phishing scam, would pay for over 25 years of phishing prevention software that kept users safe from those very same scams.
DuoCircle, which is cloud-based email security service with real-time link click protection, is such a software. It can keep hundreds of users safe from these holiday threats for just pennies a month per user. There is simply no reason not to protect yourself, your family and your employees this holiday season.
Try phishing protection from DuoCircle risk free for 30 days. It requires you to buy nothing, sets up in minutes and comes with 24/7 live technical support. Don’t let Scrooge win.
General Manager
General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.
Secure your email infrastructure
Protect, authenticate, and deliver. Contact our team to find the right solution.