Cybersecurity experts warn of Black Friday deals email scams

20 Nov 2019

Image: © mrcatmint/Stock.adobe.com

Research from Proofpoint claims that 85pc of Europe-wide online retailers are not proactively blocking fraudulent emails from reaching customers.

As this year’s Black Friday (29 November) fast approaches, many shoppers may already be preparing themselves by researching the best possible deals online. Retailers, in turn, will likely be sending out emails describing the most lucrative bargains available on the day.

But cybersecurity experts have warned that consumers may be vulnerable to email scams during this annual shopping event. Proofpoint, a cybersecurity and compliance firm, released research on the level of protection most retailers have rolled out for their services.

It found that six out of 10 retailers in the UK have not implicated the strictest levels of domain-based message authentication, reporting and conformance to their email systems. This could, Proofpoint said, make them more susceptible to attack and make it easier for cybercriminals to spoof a business’s identity, increasing the risk of email fraud.

Only 15pc of the top 20 Europe-wide online retailers are proactively blocking fraudulent emails from reaching customers, it added, meaning 85 percent of Europe’s top online retailers are leaving customers open to email fraud.

‘Email continues to be the vector of choice for cybercriminals and the retail industry remains a key target’
– ADENIKE COSGROVE

According to some research, as many as half of all shoppers in the UK plan to make purchases on Black Friday.

“Online retailers may be exposing themselves and their customers to cybercriminals on the hunt for personal and financial data, by not implementing simple, yet effective email authentication best practices,” said Adenike Cosgrove, cybersecurity strategist at Proofpoint.

“Email continues to be the vector of choice for cybercriminals and the retail industry remains a key target. In fact, Proofpoint researchers saw a 144pc year-over-year increase in email fraud attacks on the retail industry in 2018.”

Proofpoint analysed eight regions across the EMEA for the study and found that retailers in Germany, Sweden and the Netherlands were the most exposed to email fraud. Though retailers in the UK were the least exposed, 60pc still remain vulnerable to domain spoofing, phishing and other forms of email fraud.

Research from Proofpoint about email scams.

Percentage of top online retailers exposed to email fraud. Image: Proofpoint

Stay vigilant

Proofpoint has advised that there are a number of steps shoppers can take to ensure they do not fall victim to email fraud this year. Firstly, the cybersecurity firm suggests that consumers use strong passwords for their accounts and never use the same password twice. Password managers can make it easier to keep track of various logins.

Customers should also ensure that they avoid unprotected or open-access WiFi, such as connections in cafés and other public venues, as cybercriminals can intercept data transferred, such as your login or card details. It is also generally advised to never complete purchases on unencrypted transfer protocols – in other words, only buy from websites with ‘https’ at the beginning of a URL, as opposed to ‘http’.

Cloudfare graphic about secure vs unsecure HTTP

Graphic: Cloudfare

Users should also remain vigilant of ‘lookalike’ websites masquerading as legitimate vendors. The websites may be strikingly similar in interface and design, however, always check the URL. If it does not look like the official link, the website could be a front of a fraudulent operation.

Similarly, if emails look legitimate but have stiff, unnatural language or spelling mistakes in the body text and are sent from an email address that contains lots of numbers, garbled letters, or otherwise doesn’t look like the account of an official business, best to avoid these emails. Do not, in any circumstance, click links contained therein – when in doubt, always use Google to source the deal through the legitimate retailer website.

Finally, users can avoid being scammed by always checking customer reviews and complaints before downloading a new app or visiting an unfamiliar site. If the Black Friday deals look too good to be true, they probably are.

Eva Short was a journalist at Silicon Republic

editorial@siliconrepublic.com