More than one in seven emails sent on Black Friday today could be a scam, security experts have warned.
Vade Secure claims to protect one billion inboxes around the world with AI-powered security for Microsoft 365. Its Current Events tracker has detected a predictable spike in malicious messages containing text about the shopping discount extravaganza today.
It said 9% of US emails and 15% in Europe were malicious — spoofing big-name retail brands such as Lidl, Sephora, Target and, most popular, Amazon.
“We are issuing an alert about the Black Friday event in order to warn ISPs and businesses using Microsoft 365 to help them protect customers and clients from malicious emails. Seasonal threats of this nature can be predicted and monitored more easily than surprise attacks, so sysadmins should be aware of the surge in Black Friday email exploits,” explained Vade Secure’s chief product and services officer, Adrien Gendre.
“The rise of online shopping and home working has created new vectors for attackers, so security professionals need to guard carefully against new threats as they emerge. The best way to defeat email threats is to use complementary layers of protection involving both tech and humans.”
The United States Cybersecurity and Infrastructure Security Agency (CISA) also issued an alert today, warning that criminals may be looking to cash-in both online and in-person.
“Malicious people may be able to obtain personal information (such as credit card numbers, phone numbers, account numbers and addresses) by stealing your wallet, overhearing a phone conversation, rummaging through your trash (a practice known as dumpster diving) or picking up a receipt at a restaurant that has your account number on it,” it claimed.
“If a thief has enough information, he or she may be able to impersonate you to purchase items, open new accounts or apply for loans.”
The agency urged shoppers to check company privacy policies, monitor their bank statements, use passwords and other security features where available and to avoid sharing personal information online.