The holiday season is upon us, and sure enough most of our inboxes are already filling up with notifications about Black Friday deals. Hiding among the genuine discounts, however, are phishing emails that can be very hard to spot. These emails use a lure, such as a cash prize or an irresistible deal, to attract potential customers into clicking and then draw them deeper and deeper into the scam.
Guidelines to Ensure a Secure Black Friday Shopping Experience
To make sure that you are not clicking or receiving emails that may come from impersonators or threat actors, here are a few guidelines you can follow:
Recognize Phishing and Spoofing Emails
During Black Friday and Cyber Monday, there is a sudden surge in phishing and spoofing attacks due to the sheer opportunity and availability of victims. It is relatively easy for cybercriminals to get away with their tactics during the holiday season since during this time hundreds of unsuspecting users are avidly searching for the “best deal” on goods – blissfully unaware of the many dangers lurking behind innocent email and website advertisements.
There are various steps involved in distinguishing between real and fake (phishing) emails. Let us go through a few of them:
- A phishing email will often contain a sense of urgency that almost intimidates a user into believing that they need to take action immediately out of the fear of missing out.
- Sometimes phishing emails contain poorly written messages full of grammatical errors and spelling mistakes. Notice how I stressed the word “sometimes”? That is because, with the surge in AI writing tools such as ChatGPT, producing polished email copy has become a cakewalk.
- While the email signature at the bottom of the message may carry the name of a legitimate organization, the domain the email is actually sent from may be a public domain or contain look-alike errors such as amaz0n.com instead of amazon.com.
- Look for links or attachments in the email. Phishing emails will most likely contain a link or attachment that the attacker urges you to click on – do not do this until you are absolutely certain that the email is legitimate. These links may lead to phishing websites or install malware or ransomware on your computer.
On the other hand, recognizing email spoofing is much harder, especially when direct-domain spoofing is involved. These are the challenges you could face:
- The email appears to come from the legitimate company domain itself, because the sender address is forged to be identical to it
- The email may bypass sophisticated spam filters that are put in place by renowned mailbox providers like Microsoft or Google
Preventing Black Friday Phishing Scams
To prevent phishing scams on Black Friday and Cyber Monday, vigilance and proactiveness are key attributes that you should strive to maintain. Here are a few steps you can take:
1. Implement SPF and DKIM for your domains
SPF is an email authentication protocol that allows domain owners to authorize their senders. Think of it as an identity card for your legitimate email senders. Just as the bouncer at a club checks your name against the guest list, SPF keeps a list of authorized email senders in your DNS that is checked every time an email claiming to be from your domain is received. SPF fails for an email when the server that delivered it is not among the senders listed in the SPF record of the domain in the message’s Return-Path address.
DKIM is also an email authentication protocol, and for the most part that is where the similarity ends. DKIM lets senders attach a unique signature to outgoing messages using a private key. The DKIM signature covers the message’s content so that the recipient can verify the email was not altered during its journey. DKIM is effective against man-in-the-middle tampering: an attacker who intercepts one of your emails in transit cannot change it for a malicious purpose without invalidating the signature.
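To show the SPF check described above in working form, here is an added example (not code from the original post) that evaluates a sender IP against SPF records. DNS is replaced by a constructed in-memory table, and all domains and addresses in it are made up; only the ip4, include and all mechanisms are modelled.

```python
import ipaddress

# Constructed stand-in for DNS: domain -> SPF TXT record.
# These domains and addresses are made-up examples, not real records.
FAKE_DNS = {
    "shop.example": "v=spf1 ip4:203.0.113.0/24 include:mailer.example -all",
    "mailer.example": "v=spf1 ip4:198.51.100.10 ~all",
}

RESULT_FOR_QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(return_path_domain, sender_ip, dns=FAKE_DNS, depth=0):
    """Simplified SPF evaluation for the domain in the Return-Path.

    Returns 'pass', 'fail', 'softfail', 'neutral' or 'none' (no usable record).
    Only the ip4, include and all mechanisms are handled; others are skipped.
    """
    record = dns.get(return_path_domain)
    if record is None or not record.startswith("v=spf1") or depth > 10:
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # a mechanism with no explicit qualifier means "pass"
        if term[0] in RESULT_FOR_QUALIFIER:
            qualifier, term = term[0], term[1:]
        if term.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(term[4:], strict=False)
        elif term.startswith("include:"):
            # include: matches only if the included domain's record passes
            matched = spf_check(term[8:], sender_ip, dns, depth + 1) == "pass"
        elif term == "all":
            matched = True
        else:
            continue  # a, mx, exists, ... are not modelled in this example
        if matched:
            return RESULT_FOR_QUALIFIER[qualifier]
    return "neutral"  # no mechanism matched and no "all" term present
```

A server in the shop.example /24 or the single mailer.example address passes; any other sender hits the trailing -all and fails, which is the case a DMARC reject policy then acts on.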
2. Configure DMARC authentication for your emails
DMARC, or Domain-based Message Authentication, Reporting and Conformance, is an email authentication protocol built on the mechanics of SPF and DKIM. If you as an email sender have come this far and implemented SPF and DKIM, it only makes sense to implement DMARC as well. To configure DMARC there are a few mechanisms, also known as tags, that you need to consider. The following two DMARC tags are mandatory and must be configured:
- v stands for the version type of the protocol
- p stands for the DMARC policy mode of the protocol. There are three main types of policies that can be configured by domain owners.
The none policy is the first policy and is ideal for the beginning stages of your authentication journey. This policy does not ask the email recipient to take any action whether DMARC passes or fails. Domain owners should enable reporting while on a none policy, as this helps them monitor their sending sources and prepare their domains for a more enforced policy.
DMARC’s quarantine policy sends emails that fail authentication checks to the recipient’s spam folder. This is a good option for email senders who are not ready to commit to maximum enforcement with a reject policy, letting them review failing emails in the spam folder before they are ready to block them outright.
Finally, the DMARC reject policy is the level of enforcement every domain owner should strive to achieve. A reject policy protects your domain from spoofing and phishing attacks, by reducing domain impersonation threats. This is because while on reject, emails that fail the DMARC check will automatically get rejected by the recipient email server. This means that unauthenticated emails won’t reach your customers, protecting them against sophisticated phishing scams during Black Friday sales.
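As an added example (not code from the original post), here is a small checker for the DMARC record described above: it parses the tag=value pairs, verifies the two mandatory tags v and p, maps the policy to the action a receiver takes, and flags a p=none record that has no rua reporting address (the reporting the text recommends while on none). The sample records are constructed, and the mailto address in them is a placeholder.

```python
# Action a receiving mail server takes on a DMARC failure, per policy mode.
POLICY_ACTION = {
    "none": "no action; deliver and (if rua is set) report",
    "quarantine": "deliver to the recipient's spam folder",
    "reject": "reject the message outright",
}


def parse_dmarc(record):
    """Split a DMARC TXT record into an ordered list of (tag, value) pairs."""
    pairs = []
    for part in record.split(";"):
        part = part.strip()
        if part:
            tag, _, value = part.partition("=")
            pairs.append((tag.strip(), value.strip()))
    return pairs


def assess_dmarc(record):
    """Return (policy, action, findings) for a DMARC record.

    policy is None when the p tag is missing or invalid; findings lists
    configuration problems a domain owner should fix before relying on DMARC.
    """
    pairs = parse_dmarc(record)
    tags = dict(pairs)
    findings = []
    # v must be present, equal to DMARC1, and be the first tag in the record.
    if tags.get("v") != "DMARC1" or (pairs and pairs[0][0] != "v"):
        findings.append("v tag missing, not DMARC1, or not first")
    policy = tags.get("p")
    if policy not in POLICY_ACTION:
        findings.append("p tag missing or invalid (use none, quarantine or reject)")
        policy = None
    if policy == "none" and "rua" not in tags:
        findings.append("p=none without rua: aggregate reports are not enabled")
    return policy, POLICY_ACTION.get(policy), findings


# Constructed sample records; the mailto address is a placeholder.
MONITOR_ONLY = "v=DMARC1; p=none"
MONITOR_WITH_REPORTS = "v=DMARC1; p=none; rua=mailto:dmarc-reports@placeholder.example"
ENFORCED = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@placeholder.example"
BROKEN = "p=reject; v=DMARC1"
```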
Black Fridays and Cyber Mondays are excellent opportunities to invest smartly in a range of goods, while on a budget. However, it is also important to exercise caution and stay vigilant to ensure that you are not feeding the pockets of cybercriminals instead! Happy shopping!