Blog Article
8 December 2022 | 6 Minutes Read

Don’t let your business be an accomplice to email fraud these holidays

Cybercrime is a year-wide problem. But the upcoming holidays also present the perfect storm for scammers to launch debilitating email fraud from business domains. Here’s what you need to know to avoid your brand becoming an accomplice or victim.

The holidays are a time for fun, family, friends, feasts… And often, email-based cybercrime. The festive season is prime time for cybercriminals.

Plug-and-play phishing kits are now available even to scammers with little or no technical skill, the holidays are a busy spending time, and employees are generally distracted. It’s the perfect storm scammers need to rake in some cash. In other words: the holidays are precisely the wrong time for organisations to lose sight of their email security.

Why cybercrime spikes during the holidays

There are a few reasons cybercrime increases during the holidays.

People are off guard

Whether it’s shopping for gifts, travelling, or just finishing up the year’s work to go on leave, people are focused on other things during this time. Not to mention, they’re often feeling hopeful and excited about their time off – they’re not necessarily conscientious about email security.

Considering that 96% of data breaches are caused by human error, in this state of mind, it’s easier to miss the usual cyber hygiene practices that keep an organisation’s data and resources safe.

Phishing attacks are more likely to be successful

There are so many promotional emails going around during the holidays that a phishing email is much more likely to slip through the cracks. Considering that more than 70% of phishing emails are opened by their recipients, the holiday season really is the ideal time to send these attacks out.

90% of security breaches in companies are a result of phishing attacks. (DataProt)

Valuable data is available during the holidays

With more holiday shopping comes more customer data. This makes the holidays, and retailers in particular, ideal targets. In fact, 24% of attacks are targeted at retailers.

Email cybercrime to watch out for

There are multiple ways cybercrime can infiltrate a business via email. The major ones are:

  • Domain Name Spoofing: When cybercriminals use a company’s domain name to impersonate the company and trick a user into giving them money or confidential information. It can also involve email links to fake websites.
  • Display Name Spoofing: When an email has a forged display name of a trusted sender who is known to the recipient.
  • Phishing Attacks: When cybercriminals send malicious emails to trick victims into handing over information, money or installing malware.

DMARC is an email authentication protocol that verifies the source of an email and makes sure that only genuine emails reach an inbox. This protects you and your stakeholders from falling prey to, or becoming an accomplice in, these email threats.

Email security is fundamental to safeguarding a brand’s reputation, employees, and clients. And it all starts with understanding how vulnerable its domain is.

Cybercrime’s impact on a business can be destructive and long-lasting

Some of the common outcomes that businesses see include:

Monetary costs

The financial impact of a phishing attack is often a loss of funds. But it doesn’t necessarily end there. Other knock-on consequences can include losing business opportunities, a ruptured ability to transact online, and hijacked financial data.

Interrupted processes & returns

Cybercrime has other indirect consequences to a business too – some of which can be even more detrimental to its long-term success. For instance, it can also disrupt a business’s processes and procedures and it can hamper productivity… and both can negatively impact revenue.

Reputational damage

Clients don’t trust companies that cannot protect themselves. Cybercriminals need to send just one phishing email that looks like it comes from your brand for clients’ trust to start eroding. This can quickly escalate into considerably diminished sales in the long run.

Stolen intellectual property

A business’s intellectual property may be an intangible asset, but it’s a valuable one. For instance, marketing plans, product models, and internal expertise all distinguish one business from others. When cybercriminals take that, it can be crippling.

Businesses that don’t secure their email systems and protect customer data can also be at risk of serious legal action, resulting in legal costs, damages, and fines for breaching data privacy.

Common email phishing attacks

Email scams come in all shapes and sizes. Some of the common ones include:

Invoice Fraud

Fraudsters use phishing emails to steal a recipient’s email login details, so they can hack into their accounts. Then the cybercriminals monitor the account for incoming invoices. As soon as one comes through, they intercept the email, edit the banking details on the invoice, and send it on to get paid.

In this instance, criminals often use spoofing – when a letter or domain in the email address is changed – so the email address looks legitimate. With no awareness of the interception, the recipient usually pays the invoice, thinking that it’s legitimate, but the funds are actually paid into the scammer’s account.

Package Delivery Scams

With higher online shopping rates during the holidays, a common phishing method is sending out fake shipping emails from popular retailers. These emails often ask recipients to urgently click on a link for reasons like updating the delivery date, providing payment options, paying a shipping fee, or providing delivery instructions.

Clicking on these links can infect recipients with malware or direct them to a form asking for personal information, like credit card details or logins for other sensitive channels.

Business identity theft

Here, a fraudster will pretend to be the owner of a legitimate company and send emails from the hacked business’s email addresses to gain access to credit or get physical goods to resell.

Protect your business’s email domain with DMARC

DMARC is a technology protocol that cross-examines the source of an email and confirms whether it’s truly coming from the domain it claims to be coming from. Only once the identity of the sender is verified using these robust technology standards can the email be delivered to the intended recipient. Emails that fail to pass this interrogation are not delivered.
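How a receiving server applies the check described above, as an added example (not Sendmarc's code): it parses the domain's published DMARC record, tests whether the domain that passed SPF or DKIM aligns with the From domain, and returns the action the policy requests. The records, the domains and the two-label `org_domain()` shortcut are constructed assumptions.

```python
# Added example: simplified DMARC evaluation as a receiving server performs it.
# All records and domains below are constructed; pct and sp tags are ignored.

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a usable DMARC record."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return None
    tags["p"] = tags.get("p", "").lower()
    return tags if tags["p"] in ("none", "quarantine", "reject") else None

def org_domain(domain):
    # Assumption: last two labels. Real receivers consult the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') compares organisational domains."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def evaluate(record, from_domain, spf=None, dkim=None):
    """spf / dkim: the domain that passed that check, or None if the check failed.
    Returns (dmarc_pass, action), action being 'deliver', 'quarantine' or 'reject'."""
    policy = parse_dmarc(record)
    if policy is None:
        return (None, "deliver")  # nothing published, nothing to enforce
    spf_ok = spf is not None and aligned(from_domain, spf, policy.get("aspf", "r"))
    dkim_ok = dkim is not None and aligned(from_domain, dkim, policy.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return (True, "deliver")
    action = "deliver" if policy["p"] == "none" else policy["p"]
    return (False, action)

RECORD_REJECT = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"
RECORD_NONE = "v=DMARC1; p=none"

if __name__ == "__main__":
    # Message claims From: example.com, but SPF passed only for an unrelated domain.
    print(evaluate(RECORD_REJECT, "example.com", spf="unrelated.test"))
    print(evaluate(RECORD_NONE, "example.com", spf="unrelated.test"))
    # Genuine message signed with DKIM by a subdomain of the From domain.
    print(evaluate(RECORD_REJECT, "example.com", dkim="mail.example.com"))
```

The same failing message is rejected under `p=reject` but still delivered under `p=none`, which only reports. The check covers the exact domain in the From address, so display-name spoofing and addresses with a changed letter, both described earlier, fall outside it.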

At a time like the holiday season (and throughout the year), it’s so important for businesses to have extra precautions in place to prevent their domains from being used in unintended and malicious ways – for the sake of their brand and the stakeholders associated with it.

Is your domain at risk? Find out how susceptible your organisation is to being used as a cybercrime weapon by taking Sendmarc’s quick online assessment.
