End of season scams to watch out for

The number of consumer-friendly events that happen at the end of the summer provides the perfect opportunity for cybercriminals to take advantage of a brand’s reputation to commit fraud through emails. Targeting online customers with that too-good-to-be-true offer – from the promise of winning tickets for the latest sporting event to half-price flights to our favourite destinations – criminals have ramped up the number of spoof emails that appear to be legitimate, in order to distribute malicious content or phish for sensitive information from consumers.

Email continues to be one of the primary tools for exchanging information online – the Radicati Group’s Email Statistics Report of 2013-2017 shows that more than 196 billion emails are sent each day. Unfortunately, anyone can send an email using someone else’s identity, and spoof emails pretending to be from a certain brand can be damaging. After a customer has experienced a phishing threat, they are less likely to interact with the brand again, which has a direct impact on both financial performance and customer trust.

So which key sectors are being targeted, and which of the most popular cybercriminal scams do companies need to be aware of in order to stay vigilant and protect their brands?

Sporting brands

Sports events and phishing scams tend to go hand in hand. Brits’ love for some of the nation’s most popular sports may end up being their downfall. This year’s big sports events conclude with the Rugby World Cup taking place in September and October. However, as rugby followers gear up for one of sport’s biggest occasions, so too will cybercriminals who employ social engineering to exploit fans’ enthusiasm. We’ve already seen scammers use the FIFA World Cup to target fans eager for tickets. Any brands involved with sports need to watch out for cybercriminals using their brands to send “special offers” related to these games – it’s not just discounted tickets, but things like VIP viewing packages, opportunities to meet the players, and fake merchandise ‘endorsed’ by famous players.

Travel companies

Just because summer is over doesn’t mean travel scams subside. Increasingly, travel companies advertise ‘end of season’ sales, leading to a surge in the theft of consumers’ airline miles and hotel points. While these are harder to monetise than financial information, they are much easier for criminals to get their hands on and are still worth something on the black market – especially if the hacking process can be automated. For example, United Airlines had a significant data breach last year, which caused havoc for its customers, and airline miles can often be found on sale on the Darknet.

Payment and financial services

The rapid adoption of new mobile payment systems this season, along with the rise in digital banking, will drive a spike in the volume of phishing emails aimed at payment customers in the latter half of 2015. Last year, Agari’s ‘State of Email Trust’ report, which measures the amount of fraudulent email sent using a company’s domain, showed that the payments industry had a ThreatScore of under two until the second half of the year, when the number jumped up to 23 in Q3 and 39 in Q4. European banks also saw their ThreatScore rise from 2 in Q1 to 30 in Q3.

With the introduction of near field communication (NFC) technology and payment systems, we will unfortunately see a spike in opportunistic spammers and phishers who spoof domains to trick unknowing customers into sharing sensitive information as they make their first foray into contactless payments.

Unfortunately, our research has found that many UK businesses are still not taking the necessary steps to protect their customers from email-borne phishing attacks. In the months ahead, banks, retailers and travel providers who have not secured their email channels will all find that they fall victim to phishing. With no authentication built in, anyone can send an email using someone else’s identity, and with email being the most common form of communication today, organisations must be ready to protect themselves from this brand abuse. All it takes are some basic layers of email security to ensure that their brands cannot be spoofed by email; such spoofing would erode the trust that companies have spent years building with customers. Brands that aggressively and genuinely assume the mantle of customer protection can prosper in an age of cyber attacks, while those that don’t stand to lose a great deal.

By Patrick Peterson, CEO of Agari.

This was posted in Bdaily's Members' News section by Agari.
