Phishing Attacks Rise Again During the Holidays – Even for DMARC Protected Brands

It is no secret that phishing attacks are growing in scope, and the reason is quite simple: they are still effective. For the past several years, we have seen a marked increase in the number of email-driven phishing scams that coincide with the holidays. Below you’ll find an email-driven phishing scam that shows a notification from FedEx; we’ve seen this with other brand-recognized delivery couriers like UPS and DHL. You can view the US-CERT advisory here. In this instance, the notification indicates that FedEx was unable to deliver a package because there was nobody available to sign for it. Once the recipient clicks on the invoice, the phishing attack is launched. With this kind of attack, the company purported to be sending the message is also a victim, as the brand itself becomes associated with fraudulent activity.

What’s interesting about this fake notification is that the message was spoofed from “” instead of “”. This is probably because FedEx is an early adopter of DMARC, and is most likely already in p=reject mode (more details on that here). This means it’s virtually impossible to spoof the domain, leading phishers to utilize other domains instead.

While DMARC is effective in this case in ensuring no one can spoof the company’s domain, one issue that DMARC doesn't solve is that cybercriminals can create domain names that are similar to the brand they are attempting to leverage in an attack, using so-called “sister” or “cousin” domains. Because they are not attempting to spoof the exact domain name of the organization, DMARC won’t catch them.
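The gap described above can be narrowed with a lookalike check on the From domain. The following is an added example, not code from the original post: the brand domain `examplecourier.example`, the sample headers, the edit-distance threshold and the two-label organizational-domain rule are all assumptions made for illustration.

```python
from email.utils import parseaddr

# Constructed placeholder for a brand domain published with DMARC p=reject.
PROTECTED = ("examplecourier.example",)
MAX_EDITS = 2  # assumed threshold for "looks like the brand"


def levenshtein(a, b):
    """Edit distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header, protected=PROTECTED):
    """Return 'brand-domain', 'cousin', 'unrelated' or 'unparseable'."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower().rstrip(".")
    if "." not in domain:
        return "unparseable"
    # Naive organizational domain: last two labels. Production code should
    # use the Public Suffix List instead (assumption made to stay offline).
    org = ".".join(domain.split(".")[-2:])
    if org in protected:
        return "brand-domain"  # the brand's own DMARC policy covers this
    for brand in protected:
        name = brand.split(".")[0]
        # Brand name embedded anywhere in the sender domain, hyphens ignored.
        if name in domain.replace("-", ""):
            return "cousin"
        # Near-miss spelling of the brand label (for example l -> 1).
        if levenshtein(org.split(".")[0], name) <= MAX_EDITS:
            return "cousin"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample From headers.
    for hdr in ("Example Courier <track@examplecourier.example>",
                "Example Courier <track@examplecourier-delivery.example>",
                "Example Courier <track@examp1ecourier.example>"):
        print(hdr, "->", classify_sender(hdr))
```

A "cousin" verdict means the message can pass SPF, DKIM and DMARC for its own domain, so the verdict has to feed a separate filtering or takedown process rather than rely on the brand's DMARC policy.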


It’s important to recognize that DMARC as a standalone tool is not a complete solution to the problem of email-based fraud and phishing attacks. While DMARC compliance is a good first step towards eradicating email fraud, it’s simply one layer, and should be supplemented with other technologies to help identify and remove threats from the web. Otherwise, once the phishing email is in an inbox, your end-users and employees are just one click away from allowing their devices to be infected and becoming victims of fraud, perpetrated both against them and your brand.


