GS interviews AtData's Diarmuid Thoma

As the holiday season approaches, email fraud remains a growing concern for consumers and retailers alike. Fraudsters are deploying increasingly sophisticated tactics, exploiting email vulnerabilities to deceive recipients and disrupt businesses. In this Q&A, Diarmuid Thoma, head of fraud and data at AtData, shares insights into the latest email scam trends, practical steps consumers can take to protect themselves, and strategies retailers can use to safeguard their campaigns while maintaining deliverability.

Fraudsters are becoming increasingly creative with email scams. What are some of the most common email fraud tactics you're seeing this year, and how have they evolved compared to previous holiday seasons?

Them: We're aware that fraudsters are leveraging increasingly sophisticated techniques to make phishing emails appear legitimate while bypassing traditional detection methods. One prevalent tactic is display name spoofing, where scammers use a trusted brand or individual's name in the "From" field while masking the true email address.

Another common approach is the use of lookalike domains or "close cousin domains," such as substituting characters (e.g. "micros0ft.com") to closely resemble legitimate domains. This tactic has been particularly targeted at major brands during the holiday season.

Additionally, typosquatting—registering domains with minor misspellings or variations—is gaining traction, further complicating detection efforts. The proliferation of disposable and hyper-disposable domains is a notable trend, as these temporary email addresses are used to quickly bypass filters and engage in fraudulent activity with minimal traceability because of their ephemeral nature.

Compared to previous years, these tactics demonstrate a continuing evolution in precision and adaptability, underscoring the need for robust email intelligence and advanced detection mechanisms.

What are three key steps consumers can take to identify fraudulent emails and protect themselves from email scams during the holiday shopping season?

Thoma: To protect themselves from email scams during the holiday shopping season, consumers should adopt a proactive and cautious approach. Here are three key steps to enhance personal email security:

1. Scrutinize the Sender and Content: Always verify the "From" email address carefully. Fraudulent emails often use subtle changes in domain names or display names to appear legitimate. Look for common red flags, such as spelling errors, generic greetings, or urgent language designed to pressure you into acting quickly.

2. Examine Links and Attachments: Hover over links to review the URL before clicking and be particularly wary of attachments. Most reputable retailers avoid sending attachments in promotional emails. If an email claims to contain an "invoice" or "shipping notice," verify its legitimacy directly with the sender rather than opening any files.

3. Keep Software and Devices Updated: Regularly update your devices and software, as many platforms incorporate advanced fraud protection features. While these safeguards aren't foolproof, they help reduce vulnerabilities by blocking known threats and mitigating potential risks.

By staying vigilant and adopting these best practices, consumers can significantly reduce their exposure to email fraud during the busy holiday season.

What are the biggest risks retailers face when it comes to ensuring their email campaigns are safe and delivered to the intended recipients? How can they mitigate these risks?

Thoma: Retailers face significant risks in ensuring their email campaigns are both secure and successfully delivered to intended recipients. The most pressing challenges include preventing phishing and spoofing attacks, maintaining brand reputation, and ensuring compliance with evolving email security standards.

To mitigate these risks, retailers must prioritize the implementation of email authentication protocols. This begins with deploying DMARC (Domain-based Message Authentication, Reporting, and Conformance) with strict policies to prevent unauthorized use of their domain. Regular monitoring and reporting are essential to ensure these policies remain effective and responsive to emerging threats.

Adopting BIMI (Brand Indicators for Message Identification) is another effective measure to boost consumer trust by displaying the retailer's verified logo in emails that pass DMARC authentication and enhance brand visibility. Additionally, leveraging MTA-STS (Mail Transfer Agent Strict Transport Security) is helpful for enforcing TLS (Transport Layer Security) encryption, which protects against man-in-the-middle attacks during email delivery.

Combining these technical measures with regular employee training and monitoring will help retailers can better safeguard their email campaigns, maintain customer trust, and ensure their messages reach their audience securely.

How critical is domain authentication, such as SPF, DKIM, and DMARC, in preventing email fraud? Are there common mistakes brands make when implementing these protocols?

Thoma: Domain authentication protocols like SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) are an essential part of the fight against email fraud. These protocols work together to verify the authenticity of email senders, prevent brand impersonation, and protect consumers from phishing attacks.

While effective, it's important to recognize that even DMARC is not foolproof; some studies indicate that phishing attempts can bypass DMARC protections more than half the time, highlighting the need for a multi-layered security approach.

For retailers, implementing these protocols not only reduces fraud risk but also demonstrates a commitment to customer safety. This proactive stance can build trust, enhance brand loyalty, and foster lasting relationships with consumers. By ensuring a secure email experience, retailers can help turn first-time buyers into long-term advocates. However, there are several common mistakes brands make when implementing these protocols:

• Using Incomplete or Incorrect Records: Misconfigured SPF or DKIM records can lead to delivery failures or leave gaps that fraudsters can exploit.

• Not Enforcing Strict DMARC Policies: Many organizations set DMARC to "monitor-only" (p=none) and fail to progress to stricter enforcement modes (e.g., p=quarantine or p=reject), leaving their domains vulnerable.

• Failing to Monitor and Update Policies: Email authentication requires ongoing management. Failure to monitor reports or adjust policies as needed can undermine the effectiveness of these protocols.

Proper implementation and ongoing refinement of these tools can significantly enhance retailers' ability to combat fraud and protect their customers.

With fraudsters using tactics like avoiding exact domain spoofing, what strategies or tools can retailers use to detect and combat these more sophisticated types of fraud?

Thoma: As fraudsters evolve their techniques, retailers must adopt advanced strategies to identify and mitigate these more sophisticated threats. Some effective approaches include:

1. Implementing Advanced Email Threat Detection: Retailers should leverage tools powered by machine learning and AI that can detect anomalies, such as suspicious behavioral patterns or minor variations in domain names in real-time as domains are created. These provide real-time analysis and can help flag potential threats before they cause issues.

2. Domain Monitoring and Protection Services: Using domain monitoring services helps retailers identify and take action against malicious lookalike domains as soon as they are identified. Proactively flagging fraudulent domains helps limit their use in scams.

3. Behavioral Analysis and Contextual Intelligence: Employing email intelligence tools that analyze user behavior and context can identify suspicious interactions. For example, rapidly generated or tumbled email addresses that deviate from typical patterns, can be identified across activity networks and flagged for further review.

4. Consumer Education: While tools are essential, educating consumers is equally important. Retailers can include visible security tips in their emails, such as encouraging users to verify URLs or avoid clicking on unexpected links. Empowered consumers are an additional line of defense against fraud.

By integrating these strategies into their security frameworks, retailers can more effectively combat sophisticated fraud tactics, protect their brand reputation, and safeguard their customers.

Retailers often struggle to balance email security with ensuring their emails reach the intended audience. What best practices can brands follow to enhance both email deliverability and security without compromising either?

Thoma: Balancing email security with deliverability requires a strategic approach that prioritizes both protection and performance. Brands that deploy email address intelligence benefit from:

1. Enhanced Inbox Placement: By ensuring that email lists are valid, safe, and up to date, email address intelligence helps brands achieve higher inbox placement rates, reducing the likelihood of messages being flagged as spam.

2. Proactive Risk Mitigation: Email intelligence tools can identify toxic but deliverable addresses, such as spam traps or addresses linked to fraudulent activity. Removing these addresses helps brands avoid blacklisting and protects their sender reputation.

3. Improved Deliverability Metrics: By preventing high bounce rates and ensuring only valid, engaged recipients are targeted, brands can maintain strong sender scores and achieve better engagement rates.

To further support this balance, retailers should implement email authentication protocols to secure communications and build trust with mailbox providers. Additionally, adopting a feedback loop process to monitor complaints and regularly refining email lists ensures campaigns are targeted and effective.

Brands want to safeguard their email campaigns while maximizing deliverability and integrating these best practices will help enable them to connect with their audiences securely and successfully.

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.