It's the most frantic time of the year, isn't it? From "Place your order for guaranteed delivery!" to "There's still time!" and "Great last-minute gifts!" -- it would certainly seem so by looking at most people's overflowing personal inboxes.
It's also, however, the perfect time for bad actors to jump into the fray, impersonate your brand, and scam your customers out of their holiday shopping funds and sensitive personal info.
CISA, the FBI, and other government and law enforcement agencies issue annual warnings to consumers about common holiday shopping and charitable donation scams, advising them to be wary of deals that look too good to be true, secure their accounts, and avoid giving out sensitive information over various media. But as you increase your marketing message volume to consumers, so do those bad actors -- and they're taking advantage of generative AI tools to mimic your logo, language, and landing pages more accurately than ever. And if a consumer is taken in by a well-crafted look-alike, they lose trust in your brand regardless.
What can you do to protect your customers and your reputation from human-element breach types like phishing, SMShing, Vshing, and Qshing?
There are two actions that you can take that may involve revisiting or revamping security practices you've already put in place. This holiday season and beyond, be sure to:
Domain-based Message Authentication, Reporting, and Conformance (DMARC), along with DKIM and SPF, prevents attackers and scammers from faking email domains to send malicious, fraudulent emails. Organizations that successfully implement DMARC also prevent unauthorized users from sending email as if they were an authorized sender such as an email marketing service provider.
How: Collaborate with security colleagues to implement the DMARC protocol and test Brand Indicators for Message Identification (BIMI) to help protect your brand, bolster customer trust, and defend against phishing. And be sure that your service providers are monitoring DMARC configurations and status regularly for all your domains.
Your customers should know how you will and how you will not communicate with them. That's especially important given all the successful social engineering attempts we've seen and the trend toward targeted, multipronged campaigns using voice, text, email, and even deepfake audio and video.
How: Provide customers with visuals showing what your confirmation and delivery status emails or texts will include. Security messages from you should precede your high-volume seasons or events and give customers instructions on how to examine the links behind QR codes to verify your official domains. These messages should offer one phone number customers can call to verify communications from you should they have any doubts; also give them a support email address to which they can forward suspicious emails claiming to be from your company or brand. And finally, your communications should let customers know under what circumstances, if any, a representative from your company would call them.