27/08/2015

By Patrick Peterson, CEO of Agari

The number of consumer-friendly events that happen over summer provides the perfect opportunity for cybercriminals to target online customers with that too-good-to-be-true offer. From the promise of winning tickets for the latest sporting event to half-price flights to our favourite destinations, this can be a challenging time for brands and consumers. With summer officially half-way through, I will outline the top online scams that consumers and businesses need to watch out for over the rest of the season.

1. Sporting events

Sports events and phishing scams tend to go hand in hand. Brits' love for some of the nation’s most popular sports may end up being their downfall. The summer of sports concludes with the Rugby World Cup taking place in September. However, as rugby followers gear up for one of sport’s biggest occasions, so too will cybercriminals who employ social engineering to exploit fans’ enthusiasm. We’ve already seen scammers use the FIFA World Cup to target fans eager for tickets. Consumers need to watch out for any kind of “special offers” related to these games – it’s not just discounted tickets, but things like VIP viewing packages, opportunities to meet the players, and fake merchandise ‘endorsed’ by famous players.

2. Back to school specials

Retail scams are a spammer favourite – the nation's summer sales are always a popular target for cybercrime. This year we’ve already seen an increase in retail sales events both online and offline. ONS figures show that online sales over June this year rose by 11.4% compared with June 2014. As shoppers continue to migrate online, they must be especially wary of emails claiming to offer discounted deals or special offers online. Parents and students will also need to watch out for cybercriminals taking advantage of ‘Back to School’ shopping deals, such as ordering new uniforms or stationery staples, around the end of August.

3. Travel

The summer months see travel scams thrive given the holiday peak, and this holiday season will see an increase in the theft of consumers’ airline miles and hotel points. While these are harder to monetise than direct financial information, they are much easier for criminals to get their hands on and are still worth something on the black market – especially if the hacking process can be automated. For example, United Airlines had a significant data breach last year, which caused havoc for its customers, and airline miles can often be found on sale on the Darknet. So don’t be fooled into thinking a “travel deal” isn’t a scam if it’s not asking for financial details.

4. Payment phishing

The rapid adoption of new mobile payment systems this summer, along with the rise in digital banking, will drive a spike in the volume of phishing emails aimed at payment customers in the latter half of 2015. Last year, Agari’s ‘State of Email Trust’ report, which measures the amount of fraudulent email sent using a company’s domain, showed that the payments industry had a ThreatScore of under two until the second half of the year, when the number jumped up to 23 in Q3 and 39 in Q4. European banks also saw their ThreatScore rise from 2 in Q1 to 30 in Q3.

With the introduction of near field communication (NFC) technology and payment systems, we will unfortunately see a spike in opportunistic spammers and phishers that spoof domains trying to trick unknowing customers into sharing sensitive information as they make their first foray into contactless payments.

5. Summer offers

Summer is the time to get outdoors, see the world and be seen. This means that the number of special offers arriving in your inbox soars, and also means that scammers can easily disguise their phishing messages amongst these genuine schemes. Whether it’s “Get fit for summer” gym deals, discounted music festival tickets, special memberships for VIP parties or extra points for a loyalty scheme – it can be hard to tell the difference between a real and fake offer. Make sure you only open emails from brands you trust.

Unfortunately, our research has found that many UK businesses are still not taking the necessary steps to protect their customers from email-borne phishing attacks. In the months ahead, banks, retailers and travel providers will all find that they are victims of phishing. With no authentication built into email, anyone can send a message using someone else's identity, and with email being the most common form of communication today, organisations must be ready to protect themselves from this brand abuse. All it takes is some basic layers of email security to ensure that their brands cannot be spoofed by email, which would erode the trust that companies have spent years building with customers. Brands that aggressively and genuinely assume the mantle of customer protection can prosper in an age of cyberattacks, while those that don’t stand to lose a great deal.