Phishing and spam in times of coronavirus
May 2020 by CSA
The risks that companies could now face as email senders and how cybercriminals are taking advantage of the current situation. Closed shops and restaurants, empty hotels; the coronavirus pandemic has virtually paralysed France in recent weeks, and many small and medium-sized businesses are in a dangerously precarious situation. But necessity is the mother of invention, as we all know, and many entrepreneurs have moved their business to the Internet, where there is no virus that could harm the human body. Customers are also moving their purchases to the World Wide Web as shop doors are closed. This has consequences: according to mail providers, e-mail use as well as shopping e-mails have dramatically increased since the beginning of the coronavirus crisis.
In principle this development is not a problem, but cyber criminals are taking advantage of the current situation by abusing the trust of recipients and contacting them with phishing techniques. For example, the German consumer protection association recently warned of a phishing e-mail from the savings bank. Customers were supposed to provide personal data via a link, which then immediately reached the fraudsters. Phishers are taking advantage of the fact that because of the coronavirus pandemic more and more customer relations are being maintained via e-mail and the recipients accept this and are perhaps less careful than usual. This is annoying for the recipients of these e-mails and can, in the worst case, cost them a lot of money. The high volume of these e-mails can therefore also have consequences for reputable e-mail senders if phishing e-mails are sent on their behalf as in the case mentioned above. The second problem is spam. E-mails containing dubious offers of protective masks or disinfectants, for example, exploit people’s fear. Even fraudulent e-mails on behalf of the World Health Organization (WHO) have already been sent. Mailbox providers have also recognized this and are implementing their spam rules even more rigorously. What senders must not forget is that once they have landed in the spam folder of a recipient, they will not make it into the inbox folder of the same recipient in the future. In this context, it is therefore particularly important that senders strictly adhere to certain rules to ensure the deliverability of their mails.
Small and medium-sized enterprises, in particular, which have shifted their business activities to the Internet in the face of the crisis and are now sending more and more e-mails, often do not know how to protect themselves against the risk of their name being falsely used in phishing attacks resulting in the loss of their good reputation. The Certified Senders Alliance (CSA), a whitelist project of the German e-commerce association eco e.V. in cooperation with the German Dialogue Marketing Association DDV, has set itself the goal of improving the quality of commercial e-mails in order to increase deliverability and protect the sender’s reputation. CSA experts recommend that companies adhere to the following five basic principles to protect their identity on the network and ensure that their e-mails end up in the recipient’s inbox, today and in the future.
Use only quality addresses
Only include the addresses of people that you have legally generated in your mailing list, who you are sure want to receive your information and whose consent you can always prove. This not only provides you with legal security, but also protects your reputation and builds trust with your customers. A small mailing list with quality addresses is preferable to a large mailing list with addresses from dubious sources. In any case, you should always use the double opt-in procedure. In case of doubt, you must be able to clearly prove at all times that you have the consent of each person to whom you have sent an e-mail. With the Double-Opt-In (DOI), you’re on the right track.
Take care of your professional image
Pay attention to quality in the choice of images and words in your emails. Pixelated images or buttons or even an insignificant subject line leave an overall negative impression. Make absolutely sure that all the links in your e-mail work and respect the "rules of the game": each link must reflect the advertised information. Make sure that your overall appearance inspires confidence and is not limited to what is legally required.
Be honest, even when it comes to attracting new subscribers to your newsletter. Say what you want in clear and understandable terms, don’t "hide" your request for permission to advertise. Recipients notice it at the latest when they receive a newsletter that they did not consciously request and, annoyed, cancel it or, even worse, mark it as spam in their mailbox.
Create a reference for the recipients so that they know why and on what basis you are communicating with them. Set a clear expectation in the recipients‘ mind by choosing a subject that also reflects the content of the e-mail. And if possible, address the recipients personally.
Don’t be a phish
Protect yourself and your brand against the risk of being used illegally for phishing purposes through authentication. Use the Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC) standards when sending emails. With the help of DMARC, (SPF) and (DKIM), you have the possibility to make your e-mails clearly recognizable for a mailbox provider and at the same time determine how they should handle e-mails that are supposed to come from you. In this way, phishing e-mails can be reliably detected and filtered out before they reach the recipient and cause possible damage to your customer.
Search for partners
You’ve never heard terms like SPF, DKIM and DMARC? You have only sent individual emails so far, but you would like to expand your email communication in the current situation? Large-scale sending requires compliance with extensive standards for transactional e-mails (e.g. invoices, order confirmations, etc.) and newsletters. The CSA has summarized the technical and legal standards required in the CSA criteria. Are you considering having your e-mails sent by an e-mail service provider? CSA-certified senders are committed to meeting CSA criteria and therefore to a very high standard. You can find certified senders at https://certified-senders.org/parti....
If your e-mail service provider offers this option, use a feedback loop. Your provider will then provide you with feedback on recipients who classify your e-mail as spam or junk. This also helps you to improve the efficiency of your list, but of course only if you immediately remove the addresses concerned from your list.