UK consumers must prepare for a spike in phishing attacks whereby cybercriminals impersonate delivery companies this holiday season, warns Tessian, the Human Layer Security company. This is because supply chain issues and poor security protocols amongst top global couriers is expected to further worsen the busiest period of the year for phishing attacks: Black Friday.
Tessian researchers reveal that almost two-thirds (64 per cent) of the top couriers are at risk of having their domains impersonated by scammers, as their email domains are not sufficiently protected against phishing, spoofing or fraud. What’s more, only 20 per cent of the top global couriers have configured DMARC (Domain-based Message Authentication, Reporting & Conformance) to its strictest setting.
Without the DMARC records in place, or set to the strictest settings, a cybercriminal could directly impersonate a courier’s domain in spear phishing campaigns, tricking people into thinking they’re opening an email from a trusted and legitimate source about an online order, delivery update or redelivery request.
A survey by Tessian revealed that one in three (33 per cent) UK citizens has received a phishing scam from a scammer posing as a delivery service this year already. We can expect that figure to soar as attackers take advantage of high volumes of emails and deals during Black Friday and Christmas, to trick people into giving up sensitive information.
According to Tessian data, Black Friday was the busiest time period for phishing scams during 2020. Last year, 90,000 phishing attacks were detected by Tessian in the week of Black Friday – more than three times the amount recorded for previous weeks.
This year could be even worse, Tessian researchers have warned. With retailers starting sales earlier than normal and with nationwide supply chain issues, there is even more of an opportunity for cybercriminals to cash in on the Black Friday frenzy, capitalising on consumers’ desire for information regarding their online order and delivery status.
Tim Sadler, CEO for Tessian comments:
“Black Friday presents the perfect opportunity for cybercriminals to target consumers, as people are on the look-out for deals, expecting more deliveries and willing to engage with inbound email marketing.
“With online shopping and deliveries set to hit yet another all-time high this holiday season, consumers run the risk of falling for a phishing attack – either by email or text message – and sharing sensitive data if they miss the cues that signal a scam.
“But, identifying the signs may not be as easy as you think if attackers are convincingly impersonating a delivery firm in their messages. Therefore, it’s so important to question every message you receive and always think before you click.”
Tessian offers the following tips and advice for spotting malicious emails:
Inspect emails and text messages to look out for spelling errors; these are a sure sign that it is not from a legitimate source.
Take a few seconds to verify that the sender’s name and email address match up, especially if you are reading your emails on your mobile. Cybercriminals typically spoof a brand’s name in the hope that you’ll fail to inspect the email domain.
Be wary of business messages from unknown numbers or numbers starting with a local area code such as +44, as these are regularly associated with scam texts.
If in doubt, don’t click. You can follow up with the delivery company or retailer directly if you have a question that needs to be answered.