A few weeks ago, the chief technology and product officer of Lexington cybersecurity firm Mimecast got an e-mail that appeared to be from Amazon.
It indicated that his order had been delayed because of suspicious activity on his account and asked that he verify his information to get the delivery back on track.
“Nowadays, sending an e-mail to somebody saying your Amazon shipment is held up ... it’s really easy to fall for that,” David Raissipour said.
But in fact, the e-mail was an “impersonation scam” from an entity posing as Amazon. “I did not fall for it,” Raissipour said. “But I can promise you some very intelligent people that are in a rush will accidentally fall for it.”
Scammers are increasingly impersonating well-known brands and retailers by setting up lookalike websites. Their goal is to trick people into providing login credentials or credit card information. This type of attack — and the number of people who fall for them — “always spikes at this time of year,” Raissipour said.
“A lot of retail sales happen within this very short period of time. ... Consumers are in a hurry,” he said. “It creates a perfect opportunity for the bad guys.”
Last year, consumers lost more than $5.8 billion to fraud, up 70 percent from the year before, according to the most recent data from the Federal Trade Commission. Imposter scams were the most commonly reported incident, accounting for nearly half of all losses.
Though it’s long been a problem, Raissipour said these attacks appear to be getting more prevalent and sophisticated. “The websites that people put up in order to do this, some of them are up only for a few minutes,” he said.
The fake websites tend to look eerily similar to the company they’re trying to replicate, sometimes copying logos, images, or styling from the original brand. “It looks like Microsoft, but it’s a zero instead of an ‘o’,” he said.
Imposter scams are no longer just targeting large, well-known businesses, such as Bank of America and Amazon. Raissipour said the same tactics are being used to go after mid-size and small businesses that sell online, too.
Though more e-commerce businesses are advertising through social media, Raissipour said impersonation scams are still “e-mail, e-mail, e-mail.” (Mimecast sells enterprise security software to more than 42,000 customers, specializing in e-mail security.)
“Scams exist on social media, but just like every other type of threat today, e-mail is the primary way they get to people,” he said.
You might think older consumers are the most vulnerable to impersonation scams. But Raissipour said younger shoppers are just as at risk.
“I have three daughters that are in their 20s,” he said. “They will actually read e-mails faster than I do ... not because they’re able to read faster, but they skip a bunch of stuff.”
Anissa Gardizy can be reached at firstname.lastname@example.org. Follow her on Twitter @anissagardizy8 and on Instagram @anissagardizy.journalism.