Protecting your customers and your business from Black Friday scams

By Guy Hanson, VP of Customer Engagement International at Validity

This holiday shopping season will be like no other before it. The last few months of the year are where many retailers make the majority of their profit, and whilst this will remain as true as ever, the channels where consumers will spend their money will be wholly different. With the pandemic having shuttered non-essential stores, retailers will be laser-focused on their online storefronts to uphold profits. It has been a difficult year for retail, and it’s of the utmost importance that the run up to Christmas is profitable enough to see these businesses through to the New Year. 

A lot of these hopes will be pinned on the Black Friday period. I write period because, whilst traditionally this has been a four-day sales extravaganza, the added uncertainty of this year has seen customers begin their Christmas shopping early, and many retailers have extended these sales for the entire month of November to serve those customers and spread the warehouse, logistics and online burden across a longer time span. The pandemic has of course squeezed the wallets of the British public, and their hunger for deals will be greater than ever. Whilst retailers appreciate this and will be using this to their advantage, unfortunately so too will online scammers.

Whilst scams most obviously victimise the consumer, they also impact the retailers they may be masquerading as. This erodes consumer trust, and negatively impacts future customer relations. Retailers therefore have an interest in, and a responsibility for, protecting their customers from online fraud. In this article I’ll provide an overview of the scam landscape, and what retailers can do to protect their customers and ultimately their bottom line.

Scam growth during Covid-19

Email is still the predominant means of retailers’ correspondence with their customer base, and recent DMA research has shown that 73% of consumers rank email as their first or second preference out of nine different marketing channels. It’s also seen as the most trustworthy channel, with 58% of consumers trusting email. Crucially for this time of year though, it’s also customers’ preferred means of finding out about new offers, products and services.

That said, the volume of spam and fraudulent email remains shockingly high. Research from Cisco Talos shows that legitimate email represents only around 15% of the total. In the past six months, email fraud has opportunistically jumped on the Covid-19 bandwagon, possibly taking advantage of traditionally offline consumers as they have been forced online to find the goods and services they want to buy.

Figures from email security company Mimecast detail the extent of the issue. Throughout the early stages of the pandemic, its software detected a 56% increase in blocked clicks to malicious URLs and a 35% increase in malware detection. Impersonation detections grew by 20% and spam email messages increased 26%.

As always, the fraudsters continue to get smarter. For a while now they have been sending emails from lookalike domains (e.g. “” not “”), knowing many recipients won’t notice the difference. Now they are going one step further, using near-identical symbols from different character sets (e.g. Cyrillic), meaning the addresses look exactly the same but will report as unique when evaluated by a spam filter.
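A filter can catch the character-set trick described above by comparing names after folding lookalike letters onto Latin, and by flagging labels that mix scripts. The following is an added example, not code from the article: `BRAND_DOMAIN` is a placeholder and the `CONFUSABLES` table is a small constructed subset of lookalike characters.

```python
import unicodedata

# Assumption: placeholder for the brand's real sending domain (not from the article).
BRAND_DOMAIN = "example-retailer.com"

# Constructed subset of look-alike letters mapped to the Latin letter they imitate.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic a, ie, o, er
    "\u0441": "c", "\u0445": "x", "\u0456": "i",                 # Cyrillic es, ha, i
    "\u03bf": "o",                                               # Greek omicron
}

def to_unicode(domain):
    """Lower-case the domain and decode punycode (xn--) labels to Unicode."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: keep the raw text
        labels.append(label)
    return ".".join(labels)

def scripts(label):
    """Scripts used by the letters of a label, read from Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def skeleton(name):
    """Fold known look-alikes onto Latin so visually identical names compare equal."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in name)

def classify(sender_domain, brand=BRAND_DOMAIN):
    name = to_unicode(sender_domain)
    if name == brand:
        return "exact match"
    if skeleton(name) == brand:
        return "homoglyph lookalike"
    if any(len(scripts(label)) > 1 for label in name.split(".")):
        return "mixed-script label"
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample sender domains; the second uses Cyrillic "а" (U+0430).
    for d in ["example-retailer.com", "ex\u0430mple-retailer.com", "other-shop.net"]:
        print(ascii(d), "->", classify(d))
```
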

What steps should retailers be taking?

It should absolutely be the responsibility of brands to play a proactive role in protecting their customers. Partly because it’s the right thing to do, but also because they will be impacted if they don’t. If customers can’t differentiate between legitimate and fraudulent emails, they will stop trusting all emails that appear to come from that sender. This will drive up complaints and drive down engagement, impacting the performance of the brands’ legitimate email activity. Brands need to build trust with consumers to ensure their correspondence is not considered spam or a scam.

From a technical perspective, it’s essential that brands are using Domain-based Message Authentication, Reporting & Conformance (DMARC). DMARC is an email validation system designed to uncover any unauthorised people using your domain, automatically blocking delivery of all unauthenticated mail.

Similarly, BIMI (Brand Indicators for Message Identification) is a standard that attaches a brand’s logo to authenticated email messages. With this simple, visual verification, recipients can instantly recognise and trust the messages they receive from you.
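Whether DMARC actually blocks unauthenticated mail depends on the policy the domain publishes in its DNS TXT record, so it is worth checking that record for monitoring-only or partial settings. The following is an added example, not from the article: the records are constructed samples for a placeholder domain, and the function names are hypothetical.

```python
def parse_dmarc(txt):
    """Parse a DMARC TXT record into an ordered tag -> value dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def assess(txt):
    """Report whether the record is valid DMARC and whether it enforces blocking."""
    tags = parse_dmarc(txt)
    policy = tags.get("p", "").lower()
    pct_raw = tags.get("pct", "100")
    if (next(iter(tags), None) != "v" or tags["v"] != "DMARC1"
            or policy not in ("none", "quarantine", "reject")
            or not pct_raw.isdigit() or int(pct_raw) > 100):
        return {"valid": False, "enforcing": False, "findings": ["not a usable DMARC record"]}
    pct = int(pct_raw)
    sub_policy = tags.get("sp", policy).lower()  # subdomains inherit p when sp is absent
    findings = []
    if policy == "none":
        findings.append("p=none only monitors; failing mail is still delivered")
    if pct < 100:
        findings.append(f"pct={pct}: policy applies to only part of failing mail")
    if policy != "none" and sub_policy == "none":
        findings.append("sp=none leaves subdomains unenforced")
    if "rua" not in tags:
        findings.append("no rua: no aggregate reports on who sends as the domain")
    enforcing = policy != "none" and pct == 100 and sub_policy != "none"
    return {"valid": True, "enforcing": enforcing, "findings": findings}

# Constructed sample records for the placeholder domain example-retailer.com.
WEAK = "v=DMARC1; p=none"
STRONG = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example-retailer.com"

if __name__ == "__main__":
    for record in (WEAK, STRONG):
        print(record, "->", assess(record))
```
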

More holistically, brands need to lean into the data they hold on their customers and use it for personalisation. There are many tactics for brands to acquire this crucial data, and brands are increasingly leveraging ‘progressive registration’ tactics wherein, over the course of several interactions, the company gradually requests more data about their new customer. This is a more natural means of gaining insight on customers, akin to how a normal, human conversation might play out. 

A scammer, on the other hand, may have a retailer’s customer’s email, but they won’t have the same level of insight into their buying habits. Personalisation can assist because the data required to drive personalisation is often only known to the legitimate sender. For example, this is why banks will often include a portion of the recipient’s post code. For marketers, personalisation based on previous interactions is highly effective as a trust driver, for the same reason.

Data quality to drive personalisation

To achieve personalisation brands need to ensure they have the quality data to drive it. As data is constantly changing, retailers need to ensure they are regularly verifying their data on existing customers as much as they would do for prospective customers. This might include validating email addresses to ensure they’re still accurate, reengaging with inactive subscribers to attempt to bring them back into the fold, and deprioritising correspondence to those subscribers that have lapsed. 

Following this, the data can then be enriched with other key data points to help generate an understanding of their customers to serve them better. After the first four stages, monitoring the data is the easiest part of the process and businesses can even call on the help of automation to ensure the data they have collected from customers remains cleansed by setting up dashboards and alerts that track data quality. 

Ultimately, brands cannot stop scammers from plying their trade. However, they can utilise email marketing and data quality best practice to make their own correspondence so personalised, relevant and consistent in tone that no scam artist could realistically impersonate them.