3 Email Fraud Tactics All Marketers Need to Know

Posted by Liz Dennison on

The email fraud landscape is a constantly evolving one. Cybercriminals are always coming up with new and sophisticated ways to leverage email to do harm.

Combating threats like these isn’t just your security team’s job. As owners of the email channel, marketers have a responsibility to help protect it.

Fraud can ruin email marketing effectiveness, jeopardizing brand trust and, ultimately, revenue. Customers are 42% less likely to interact with a brand after being phished or spoofed.

The first step to beating the cybercriminals is to understand how they operate. Here are three email fraud tactics all marketers need to know.

1. Spam

Spam is unsolicited email sent in bulk, usually from someone trying to sell something. Spam may (or may not) contain phishing links that trick users into giving up confidential information, or links to malware sites that download malicious software onto a user’s computer.

Spammers harvest valid email addresses in a number of ways, including:

  • Purchasing or trading lists with other spammers.
  • Using special software which crawls web pages, mailing list archives, internet forums, and other public online sources containing email addresses.
  • Launching a “dictionary harvest attack,” in which valid email addresses at a specific domain are found by guessing common usernames at that domain.
  • Soliciting a valid email address with the promise of a free service or offering.

2. Spoofing

Spoofing is the forgery of an email so that the message appears to have come from someone or somewhere other than the actual source. Spoofing can take place in a number of ways. Common to all of them is that the actual sender’s name and the origin of the message are concealed or masked from the recipient.

Many, if not most, instances of email fraud use at least minimal spoofing, since criminals are trying to avoid being traced.

Major spoofing methods include:

  • Direct domain spoofing, which mimics the precise sending domain of the brand (e.g., support@mybank.com).
  • Cousin domain threats, which are messages that spoof the brand name but are sent from domains not owned or controlled by that brand. (These domains may resemble the brand’s domain name—e.g., support@mybankk.com—or may not.)
  • Display name spoofing, which mimics the name that comes before the “from” address in the header field of the email (e.g., Return Path <phisher@phisher.org>).
  • Subject line spoofing, which mimics the brand in the subject line (independent of the domain or display name) in order to get the recipient to open the malicious message.
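
The four spoofing methods above can be told apart by looking at a message's From header and subject line. The sketch below is an added example, not code from the original post or from Return Path; the brand (taken from the mybank.com illustration), the sample messages, the `authenticated` input and the look-alike threshold are all assumptions.

```python
from email.utils import parseaddr

# Constructed brand, taken from the article's mybank.com illustration.
BRAND_NAME = "mybank"
BRAND_DOMAIN = "mybank.com"

def edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def squash(text):
    """Lower-case and drop spaces so 'My Bank' matches 'mybank'."""
    return text.lower().replace(" ", "")

def classify(from_header, subject, authenticated):
    """Label one message with the article's spoofing category, or 'none'.

    authenticated is an assumed input: the receiving mail system's verdict
    on whether the message really came from the domain in the From address.
    """
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain == BRAND_DOMAIN:
        # The exact brand domain is only spoofed if authentication failed.
        return "none" if authenticated else "direct domain"
    # Only look-alike cousin domains are caught here; unrelated ones fall through.
    if BRAND_NAME in domain or edit_distance(domain, BRAND_DOMAIN) <= 2:
        return "cousin domain"
    if BRAND_NAME in squash(display):
        return "display name"
    if BRAND_NAME in squash(subject):
        return "subject line"
    return "none"

# Constructed sample messages: (From header, subject, authenticated).
SAMPLES = [
    ("MyBank Support <support@mybank.com>", "Statement ready", False),
    ("MyBank Support <support@mybankk.com>", "Statement ready", True),
    ("MyBank <phisher@phisher.org>", "Verify your account", True),
    ("Alerts <news@example.net>", "Your MyBank account is locked", True),
]

if __name__ == "__main__":
    for sender, subject, ok in SAMPLES:
        print(f"{classify(sender, subject, ok):14} {sender}")
```

A cousin domain that does not resemble the brand's domain is not matched by the domain check and is reported under display name or subject line instead.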

The tools necessary to spoof email addresses are surprisingly easy to get. All you need is a working SMTP (Simple Mail Transfer Protocol) server, which is a server that can send email, and the right mailing software.

3. Phishing

Phishing is a type of spam that is intended to trick email recipients into giving up sensitive information or credentials for malicious reasons. This information could include social security numbers, bank login details, credit card numbers, and other personally identifiable information (PII).

To conduct phishing attacks, cybercriminals will spoof, or masquerade as, a legitimate government agency, bank, retailer or other brand the recipient might recognize. Here’s a glimpse into how they pull it off:

[Screenshot]

Phishers will either profit directly from data like credit cards and/or sell the data on the black market to other phishers who are developing their own cybercrime schemes.

Ready to protect your customers and your brand? Believe it or not, there’s a lot marketing can do to help fight threats like these. Get The Marketer’s Guide to Email Fraud to learn more.



About Liz Dennison

Liz is the Content Marketing Manager for Return Path's Email Fraud Protection team. She loves creating engaging content that empowers companies to protect their customers and their brands against cybercriminals. Follow her at @lizkoneill.
