Current:Home > MyEmail fraud poses challenges for consumers and companies during the holiday season-LoTradeCoin
Email fraud poses challenges for consumers and companies during the holiday season
View Date:2024-12-23 23:01:06
With the holiday season upon us, beware "gifts" nobody wants: email fraud and cyberattacks.
Cybercriminals take advantage of consumers' attention on a particular subject — like, for example, Black Friday or Cyber Monday sales — to run scams, or they use the distraction of the moment to cause disruption.
They'll slip into the rush of urgent emails offering limited-time deals, hoping to disguise themselves as legitimate retailers. With the National Retail Federation predicting a record high in spending over the holidays in 2023, cybersecurity is especially important.
Vulnerable email is in part to blame
Cybercrime remains lucrative in part because of the inherent insecurity of email, a form of communication that's typically not encrypted or signed by a verified sender or recipient.
Advancements have been made to help improve that security. Some email providers offer encryption. And if the email looks questionable, the recipient can always open a browser and search for a deal rather than clicking on a link to fact-check whether it's real. Plus, there's a tool called DMARC, the domain-based message authentication, reporting and conformance protocol. It's a long-established best practice to help companies prove who they say they are over email.
But according to new research from the cybersecurity firm Proofpoint, 52% of the top 50 U.S. retailers ranked by the National Retail Federation are not fully compliant with that protocol. Essentially, that means they're not taking steps to block fraudulent emails or protect their websites' domain names.
Proofpoint also noted that only 14% of those companies direct potentially fraudulent emails linked to their brands into quarantine, or the recipient's spam or junk folder.
"So one way to look at this is like Gmail on Black Friday or Cyber Monday. It's kind of like JFK airport over Thanksgiving," says Robert Holmes, who leads email fraud detection efforts at Proofpoint. "Imagine you were at JFK airport on one of those days with a lot of people coming and going, and imagine a world where that airport didn't check IDs or didn't check passports. That would be a bad world. Lots of nefarious activity would happen on busy days in particular."
In many cases, consumers are encouraged to protect themselves in cyberspace by, for example, watching out for phishing emails or not clicking on sketchy links.
However, Holmes argues, more of the burden should fall on companies to implement a layer of protection for all their customers. "So the thing about good security is, it should be invisible to Joe Public," he says.
There's a push to adopt DMARC — or face the consequences
For years, governments have encouraged the adoption of DMARC but haven't required it. With partial adoption, it's difficult for the average consumer to know whether a retailer is verified through DMARC when browsing through marketing emails.
However, that might be beginning to change. Over the years, Google, for example, rewarded companies that complied with DMARC by offering them verification badges that consumers could see. Major email providers have taken various steps to push retailers into adoption.
Now, Google and Yahoo will be taking that a step further by requiring companies to participate by February 2024. If companies fail to implement the protocol, their emails will be more likely to be flagged as spam or blocked entirely.
"In October, Gmail announced new requirements for bulk senders that will make users' inboxes safer and less spammy," said Neil Kumaran, the group product manager at Gmail's security and trust team, in a statement to NPR. "These are straightforward requirements based on open standards, are in line with established industry best practices, and reflect basic email hygiene."
That's an encouraging step toward improving email security, Holmes says.
His only concern is that companies might fail to come into compliance by February.
For larger retailers with a complex web of outside suppliers and contractors, it will be a little more challenging to fully comply, Holmes says. The DMARC protocol factors in every third party authorized to send emails on one entity's behalf, ranging from automated systems that deliver newsletters, like Mailchimp, to those that send updates on doctor's appointments or flight time changes.
"I think the consequences of getting this wrong are severe," Holmes says. "Legitimate email gets blocked. ... People will miss appointments. People will miss flights. People won't make payment."
Of course, those consequences aren't a guarantee — it's just more likely that potentially legitimate email that doesn't comply with DMARC will get blocked. And major email providers have been taking incremental steps toward pushing companies into compliance with DMARC over several years, Holmes says. This decision to require DMARC compliance isn't coming out of the blue.
"Many senders already meet these requirements, and for those who are still working on it, we're sharing clear guidance to help," said Google's Kumaran. "Doing so is crucial to close loopholes we know attackers are targeting, and will help make email safer for everyone."
veryGood! (459)
Related
- Why have wildfires been erupting across the East Coast this fall?
- US Energy Transition Presents Organized Labor With New Opportunities, But Also Some Old Challenges
- Body believed to be of missing 2-year-old girl found in Philadelphia river
- Glee’s Kevin McHale Recalls Jenna Ushkowitz and Naya Rivera Confronting Him Over Steroid Use
- Krispy Kreme is giving free dozens to early customers on World Kindness Day
- A U.K. agency has fined TikTok nearly $16 million for handling of children's data
- The Biden Administration Rethinks its Approach to Drilling on Public Lands in Alaska, Soliciting Further Review
- New Reports Show Forests Need Far More Funding to Help the Climate, and Even Then, They Can’t Do It All
- Fantasy football Week 11: Trade value chart and rest of season rankings
- Two mysterious bond market indicators
Ranking
- These Yellowstone Gift Guide Picks Will Make You Feel Like You’re on the Dutton Ranch
- Activists Take Aim at an Expressway Project in Karachi, Saying it Will Only Heighten Climate Threats
- Alabama lawmakers approve new congressional maps without creating 2nd majority-Black district
- Elon Musk says NPR's 'state-affiliated media' label might not have been accurate
- When do new episodes of 'Cobra Kai' Season 6 come out? Release date, cast, where to watch
- Dear Life Kit: My boyfriend's parents pay for everything. It makes me uncomfortable
- Nature’s Say: How Voices from Hawai’i Are Reframing the Climate Conversation
- Warming Trends: The Climate Atlas of Canada Maps ‘the Harshities of Life,’ Plus Christians Embracing Climate Change and a New Podcast Called ‘Hot Farm’
Recommendation
-
About Charles Hanover
-
The $1.6 billion Dominion v. Fox News trial starts Tuesday. Catch up here
-
Ocean Warming Doubles Odds for Extreme Atlantic Hurricane Seasons
-
Warming Trends: British Morning Show Copies Fictional ‘Don’t Look Up’ Newscast, Pinterest Drops Climate Misinformation and Greta’s Latest Book Project
-
Reds honor Pete Rose with a 14-hour visitation at Great American Ball Park
-
Researchers Say Science Skewed by Racism is Increasing the Threat of Global Warming to People of Color
-
Peter Thomas Roth Deal: Get 2 Rose Stem Cell Masks for the Price of 1
-
The $1.6 billion Dominion v. Fox News trial starts Tuesday. Catch up here