3 reasons why cybercriminals love Cyber Monday

Cyber Monday is a big deal for ecommerce businesses and consumers alike. In 2021, Cyber Monday sales totaled an eye-watering $10.7 billion. And impressively, 2020 saw sales soar to a whopping $10.8 billion, making it the biggest e-commerce selling day of all time.

It’s almost impossible to imagine now, but there was once a time when online shopping was actually on the back foot. So to compete with the brick-and-mortar-based Black Friday, Cyber Monday was created to drive online sales. Now, it’s a key date in the global shopping sales calendar, with businesses worldwide slashing price tags and opening their (online) doors to the deal-hungry masses.

But while consumers benefit from big price drops and sellers see skyrocketing profits, it’s not all sunshine and rainbows. With shoppers actively on the hunt for great deals, more frequent communications between businesses and buyers, and many retailers with no protection from email impersonation, it’s a fantastic opportunity for cybercriminals to roll out Cyber Monday phishing scams too. 

Here are 3 reasons why cybercriminals love Cyber Monday. 

1. More volume means more opportunity

Cybercriminals never miss a chance to make money, and most often the opportunities arise when the volume of communication between retailer and consumer peaks. When it comes to online shopping, the majority of this communication is carried out via email. 

SendGrid processed 7 billion emails on Cyber Monday 2021, 22.2% more than in 2020. These are mammoth figures, and when combined with the hordes of senders not adopting the key email security protocols that can prevent phishing and other cyber attacks, it becomes crystal clear that Cyber Monday is the perfect storm for cybercrime.

But there are ways for retailers to fight back against this barrage of attacks. If businesses can use technology driven by Artificial Intelligence (AI) in their email security arsenal, then cybercriminals will find it more difficult to take advantage. 68% of phishing emails blocked by Gmail are now different day-to-day, and it’s no longer enough to rely on humans or rules-based technology to combat them. It’s more important than ever that retailers deploy smarter AI-based technologies that spot and predict patterns in attacks, preemptively shutting them down before damage is done.

2. Shoppers are on the hunt for deals

If an outrageously good deal lands in your inbox, you’re likely to question it. As the old saying goes, if it’s too good to be true, it probably is. But to offer the best Cyber Monday deals, businesses are actively reducing price tags to appeal to savvy shoppers. So, it’s not just easier for scam offers and phishing emails to slip through the cracks, it’s more difficult for consumers to determine the real from the fake.

You could argue that the best way to avoid being scammed this Cyber Monday is to only shop at retailers you know and trust. But if these businesses aren’t DMARC protected, then they’re just as likely to be exploited and impersonated as any other business, and you’re no better protected against seasonal scams.

When it comes to impersonating a brand, bigger is better. If a well-known brand doesn’t have a strong DMARC policy in place, then criminals can leverage its existing reputation and loyal customer following to their own advantage. It’s remarkably straightforward for cybercriminals to impersonate these big names, send out convincing phishing emails from their exact domains, set up bogus online stores, harvest the credit card details of unwitting victims, and taint the reputation of the spoofed brand for good.

3. It’s easy to impersonate businesses with no DMARC protection 

We found that 88% of the world’s top retailers still don’t have a sufficient DMARC policy in place, meaning they’re highly vulnerable to exact domain impersonation attacks. DMARC is an email authentication protocol that, when properly configured, builds on the existing protocols SPF and DKIM to stop bad actors from impersonating your domain.

Because of a flaw in the SMTP protocol, which does not itself authenticate the sender address, cybercriminals are able to send phishing emails using a brand’s exact domain. This leaves both the brand’s trusting customers and its internal infrastructure open to attack, resulting in financial and data loss, and long-lasting reputational damage.

Exact impersonation makes spam emails so much more effective, and this is only amplified when consumers are expecting an influx of offers from retailers. If B2C businesses aren’t protecting their brand name and email communications this Cyber Monday, then they’re making it easy for cybercriminals to phish their customers and damage their hard-earned brand reputation.
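As an added illustration (not Red Sift’s code or methodology), the following sketch shows how a defender could classify the TXT records published at `_dmarc.<domain>` by enforcement level. The domains and records are constructed samples, and treating only `quarantine` or `reject` at `pct=100` as enforced is this example’s assumption, since the article does not define a “sufficient” policy.

```python
# Added example: classify DMARC TXT records by enforcement level.
# All domains and records below are constructed for illustration.

ENFORCING = {"quarantine", "reject"}

def parse_dmarc(txt):
    """Return a tag dict for a DMARC record, or None if txt is not one."""
    tags, first = {}, None
    for part in txt.split(";"):
        if not part.strip():
            continue
        name, sep, value = part.partition("=")
        if not sep:
            return None  # malformed tag without '='
        name = name.strip().lower()
        if first is None:
            first = (name, value.strip())
        tags.setdefault(name, value.strip())
    # RFC 7489: the v tag must come first and must equal DMARC1
    return tags if first == ("v", "DMARC1") else None

def assess(txt_records):
    """txt_records: list of TXT strings found at _dmarc.<domain>."""
    records = [r for r in map(parse_dmarc, txt_records) if r is not None]
    if len(records) != 1:
        return "no-dmarc"  # none, or several: receivers do not apply DMARC
    rec = records[0]
    policy = rec.get("p", "").lower()
    if policy == "none":
        return "monitor-only"  # reports only; spoofed mail is still delivered
    if policy not in ENFORCING:
        return "invalid"
    try:
        pct = int(rec.get("pct", "100"))
    except ValueError:
        return "invalid"
    if not 0 <= pct <= 100:
        return "invalid"
    return "enforced" if pct == 100 else "partial"

SAMPLES = {  # constructed records
    "shop-a.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@shop-a.example"],
    "shop-b.example": ["v=DMARC1; p=none; rua=mailto:dmarc@shop-b.example"],
    "shop-c.example": ["v=spf1 include:_spf.shop-c.example -all"],
    "shop-d.example": ["v=DMARC1; p=quarantine; pct=25"],
}

if __name__ == "__main__":
    for domain, records in SAMPLES.items():
        print(f"{domain:16} {assess(records)}")
```
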

DMARC adoption drives down Cyber Monday phishing

While it’s important for consumers to keep up-to-date on how to avoid falling victim to phishing scams this Cyber Monday, it’s just as vital that businesses protect them from these scams in the first place. By implementing foundational email security measures such as DMARC, businesses safeguard not only their customers and supply chains, but also their business infrastructure and reputation.

Red Sift’s Digital Resilience Platform solves for the greatest vulnerabilities across your complete attack surface, and our award-winning DMARC application OnDMARC gets you protected quickly and easily. Start your free trial today.


Sabrina Evans

29 Nov. 2021


