SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers

Spike in phishing scams expected ahead of holiday shopping season

Consumers are being warned to prepare for a spike in phishing attacks this holiday season, with cybercriminals expected to impersonate delivery companies.

According to security firm Tessian, supply chain issues and poor security protocols amongst top global couriers are expected to further worsen the busiest period of the year for phishing attacks.

Ahead of Black Friday, one of the world's busiest shopping seasons, Tessian researchers reveal that almost two-thirds (64%) of the top couriers are at risk of having their domains impersonated by scammers as their email domains are not sufficiently protected against phishing, spoofing or fraud.

What's more, only 20% of the top global couriers have configured DMARC (Domain-based Message Authentication, Reporting and Conformance) to its strictest setting.

Without the DMARC records in place or set to the strictest settings, a cybercriminal could directly impersonate a courier's domain in spear-phishing campaigns, tricking people into thinking they are opening an email from a trusted and legitimate source about an online order, delivery update or redelivery request.
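How strictly a domain enforces DMARC is visible in the TXT record it publishes at `_dmarc.<domain>`. The following Python code is an added example, not Tessian's methodology or data: it grades constructed sample records, assuming "strictest" means `p=reject` applied to all mail (`pct=100`) and to subdomains; the grade labels and the `courier-*.example` domains are hypothetical.

```python
# Added example: grade a domain's DMARC TXT record by how strictly it is enforced.
# The grade labels and the sample records below are constructed for illustration.

def parse_dmarc(txt):
    """Return the tag/value pairs of a DMARC record, or None if it is not one."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # RFC 7489: the record must begin with the v=DMARC1 tag.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts[1:]:
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def grade(txt_records):
    """Classify the TXT records published at _dmarc.<domain>."""
    found = [t for t in map(parse_dmarc, txt_records) if t is not None]
    if len(found) != 1:
        # No record, or several: receivers apply no DMARC policy at all.
        return "unprotected"
    tags = found[0]
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "unprotected"        # no enforceable p= tag
    if policy == "none":
        return "monitor-only"       # spoofed mail is reported, still delivered
    pct = tags.get("pct", "100")
    sub = tags.get("sp", policy).lower()   # sp defaults to the p= value
    if policy == "reject" and pct == "100" and sub == "reject":
        return "strictest"
    return "partial"                # quarantine, sampled, or weaker subdomain policy

SAMPLES = {  # constructed records, not real courier data
    "courier-a.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@courier-a.example"],
    "courier-b.example": ["v=DMARC1; p=quarantine; pct=50"],
    "courier-c.example": ["v=DMARC1; p=none"],
    "courier-d.example": ["v=spf1 -all"],
    "courier-e.example": ["v=DMARC1; p=reject; sp=none"],
}

if __name__ == "__main__":
    for domain, records in SAMPLES.items():
        print(f"{domain:20} {grade(records)}")
```
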

A survey by Tessian revealed that one in three (33%) UK citizens have received a phishing scam from a scammer posing as a delivery service this year already. That figure is expected to soar as attackers take advantage of high volumes of emails and deals during Black Friday and Christmas to trick people into giving up sensitive information.

According to Tessian data, Black Friday was the busiest time for phishing scams during 2020. Last year, 90,000 phishing attacks were detected by Tessian in the week of Black Friday - more than three times the number recorded for previous weeks.

This year could be even worse, Tessian researchers have warned. With retailers starting sales earlier than usual and with nationwide supply chain issues, there is even more of an opportunity for cybercriminals to cash in on the Black Friday frenzy, capitalising on consumers' desire for information regarding their online order and delivery status.

"Black Friday presents the perfect opportunity for cybercriminals to target consumers, as people are on the lookout for deals, expecting more deliveries and willing to engage with inbound email marketing," says Tessian CEO, Tim Sadler.

"With online shopping and deliveries set to hit yet another all-time high this holiday season, consumers run the risk of falling for a phishing attack - either by email or text message - and sharing sensitive data if they miss the cues that signal a scam," he says.

"But, identifying the signs may not be as easy as you think if attackers are convincingly impersonating a delivery firm in their messages. Therefore, it's so important to question every message you receive and always think before you click."

Tessian offers the following tips and advice for spotting malicious emails:

  • Inspect emails and text messages to look out for spelling errors; these are a sure sign that it is not from a legitimate source.
  • Take a few seconds to verify that the sender's name and email address match up, especially if you are reading your emails on your mobile. Cybercriminals typically spoof a brand's name, hoping that you'll fail to inspect the email domain.
  • Be wary of business messages from unknown numbers or numbers starting with a local area code such as +44, as these are regularly associated with scam texts.
  • If in doubt, don't click. You can follow up with the delivery company or retailer directly if you have a question that needs to be answered.