Every year, the holiday season kicks off with two major U.S. retail shopping events, Black Friday and Cyber Monday, which fall on the Friday and Monday following Thanksgiving.
Black Friday and Cyber Monday, on November 24 and November 27, 2023, are projected to surpass 2022 sales and outperform previous records. In 2022, consumer spending peaked at $9.12 billion on Black Friday and $11.3 billion on Cyber Monday, with global online sales reaching $40 billion by 5 PM ET, according to Salesforce analytics.
Yet the shopping frenzy also presents a significant opportunity for financially motivated cybercriminals to exploit unsuspecting shoppers, capitalizing on their ignorance.
Here are the key points consumers and enterprises should be aware of for a secure and prosperous shopping season:
Watch Out for Malicious Emails
Phishing stands out as a prevalent method through which cybercriminals aim to lure their targets into malicious activities. Whether through phishing and spear phishing emails, smishing messages, or vishing calls disguised as promotional offers, the real intent is often to deliver malware or pilfer credentials and financial information.
“The key advice for employees is to remain cautious of email promotions advertising products at prices that seem too good to be true. It’s crucial to enhance staff awareness and education on phishing emails, including the tactics criminals use, such as spoofing websites to steal credit card data and passwords,” emphasized Boyd.
Recognizable signs of phishing encompass unsolicited communication, grammatical errors, content inducing a sense of urgency, unexpected attachments, unfamiliar sender addresses, and communications at unusual hours.
Boyd suggests employees avoid using the same password across multiple online accounts, opting instead for multifactor authentication and employing email security tools.
Adopt Email Marketing Policy Change
In October 2023, Google and Yahoo unveiled a marketing email policy change focused on authenticating messages to enhance spam and scam prevention. The policy mandates that companies sending over 5,000 emails on either platform must implement the following three authentication methods:
- Sender Policy Framework (SPF)
- DomainKeys Identified Mail (DKIM)
- Domain-based Message Authentication, Reporting, and Conformance (DMARC)
“Recent announcements by Google and Yahoo are reshaping the intersection of marketing and cybersecurity, transforming email authentication standards from recommended best practices to mandatory marketing requirements. Unauthenticated messages will be rejected, shifting SPF, DKIM, and DMARC from the SOC to the boardroom, redefining the email marketing baseline,” Seth Blank, CTO at Valimail, told Spiceworks.
The new policy is set to take effect in February 2023 for Google and Q1 2024 for Yahoo. Blank emphasized that 2023 is notably distinct, as marketers seek to swiftly distinguish themselves from scammers.
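As an added example (not from the article, and not code from Google, Yahoo or Valimail), the following Python checks already-fetched DNS TXT records for the three mechanisms listed above: SPF, DKIM and DMARC. The domain names, record values and the input layout of `audit` are constructed for illustration, and the checks cover record presence and basic syntax only, not either provider's full acceptance rules.

```python
# Added example, not from the article. All records are constructed samples.

def parse_tags(record):
    """Split a 'tag=value; tag=value' record (DKIM/DMARC syntax) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def check_spf(txt_records):
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:  # RFC 7208: zero or multiple SPF records never pass
        return False, f"expected 1 SPF record, found {len(spf)}"
    terms = spf[0].lower().split()
    if "+all" in terms or "all" in terms:  # bare "all" defaults to "+all"
        return False, "SPF authorizes every sender (+all)"
    return True, "ok"

def check_dkim(selector_record):
    tags = parse_tags(selector_record)
    if tags.get("v", "DKIM1") != "DKIM1":  # v= is optional in key records
        return False, "not a DKIM1 key record"
    if not tags.get("p"):  # empty p= means the key was revoked
        return False, "DKIM public key missing or revoked"
    return True, "ok"

def check_dmarc(dmarc_record):
    tags = parse_tags(dmarc_record)
    if tags.get("v") != "DMARC1":
        return False, "no DMARC1 record"
    if tags.get("p", "").lower() not in ("none", "quarantine", "reject"):
        return False, "DMARC record has no valid p= policy"
    return True, "ok"

def audit(domain):
    """domain: apex TXT records, one DKIM selector TXT, and the _dmarc TXT."""
    return {"spf": check_spf(domain["txt"]), "dkim": check_dkim(domain["dkim"]),
            "dmarc": check_dmarc(domain["dmarc"])}

GOOD = {"txt": ["v=spf1 include:_spf.example.com -all", "site-verification=abc123"],
        "dkim": "v=DKIM1; k=rsa; p=Q09OU1RSVUNURUQ=",  # placeholder, not a real key
        "dmarc": "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"}
BAD = {"txt": ["v=spf1 +all", "v=spf1 ip4:192.0.2.10 ~all"],  # two SPF records
       "dkim": "v=DKIM1; k=rsa; p=",
       "dmarc": "v=DMARC1; rua=mailto:dmarc@example.net"}

if __name__ == "__main__":
    for name, domain in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(domain))
```

In practice the three inputs would come from TXT lookups on the sending domain, on its DKIM selector name under `_domainkey`, and on `_dmarc` under the domain.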