Email domains from popular delivery companies in the UK are insufficiently protected from phishing, spoofing and other forms of fraud, making them a perfect attack vector this Black Friday and the rest of the holiday season.
This is according to a new report by Tessian, which claims that things could be a lot worse than last year due to various supply chain issues and poor security protocols.
According to the company, fraudsters can easily impersonate two-thirds (64%) of top couriers’ email domains. Of all the best global couriers, only a fifth (20%) have domain-based authentication, reporting and conformance (DMARC) configured in its strictest setting, allowing malicious actors to “directly impersonate” a courier’s domain. permission is granted.
It is nothing new for delivery companies to trick people into giving out valuable personal information like passwords. This year, a third (33%) of UK consumers have already received such a phishing email, but Tessian believes these figures will “continue to rise” during Black Friday and Christmas.
This time last year, the company detected 90,000 phishing attacks, more than three times the amount reported in the weeks before Black Friday.
How to Identify Phishing Emails
Tessian CEO Tim Sadler commented, “Identifying the signs (of phishing emails) may not be as easy as you think if attackers are impersonating the delivery firm in their messages.” “Therefore, it is very important to question every message you receive and always think before clicking.”
According to experts, recipients should always be wary of typos and other spelling errors, as they are, first and foremost, a red flag. Then, they must verify the identity of the sender by making sure their name and email address match, especially for consumers reading email on a mobile device. Malicious actors often spoof a brand name, hoping readers won’t take the time to inspect the email domain.
At the end of the day, most distribution companies and retailers have multiple communication channels open at all times. Consumers may do their due diligence by contacting the Company directly to verify the authenticity of the message received.
You should also check out our list best security key out there today