Only 19 percent of UK retailers have implemented the recommended level of DMARC (Domain-based Message Authentication, Reporting & Conformance) protection, which protects them from cybercriminals spoofing their identity and decreases the risk of email fraud for customers.
That’s according to research conducted by Proofpoint, which says this leaves online shoppers at 81 percent of retailers in the UK open to email fraud. UK retailers are also underperforming on a global scale, with 70 percent of global retailers in the Forbes Global 2000 having some form of DMARC protection, compared to just 45 percent in the UK.
With Brits expected to have spent some £4.8 billion during the Black Friday/Cyber Monday frenzy, shoppers will not only be scanning the internet for deals, but will also be inundated with emails promising deals that are too good to miss. Cybercriminals often capitalise on this increase in email communication from retailers to trick shoppers with fraudulent emails.
“Our research has shown that UK retailers are not only leaving their customers vulnerable to cybercriminals on the hunt for personal and financial data, but are also performing worse than global retailers at implementing at least the minimum level of simple, yet effective, email authentication best practices,” said Adenike Cosgrove, cybersecurity strategist, International, Proofpoint. “Email continues to be the vector of choice for cybercriminals and the retail industry remains a key target.”
Key findings from the research include:
- Less than half (45 percent) of UK retailers analysed by Proofpoint have implemented the minimum level of DMARC protection to prevent malicious actors spoofing their domain.
- Further, only 19 percent have implemented the recommended level of DMARC protection (reject), which actually blocks fraudulent emails from reaching their intended targets, meaning 81 percent are leaving customers open to email fraud.
- 36 percent of UK retailers have no published DMARC record at all, leaving themselves wide open to impersonation attacks.
- Proofpoint also analysed the DMARC status of the global retailers included in the Forbes Global 2000. Significantly fewer UK retailers have implemented some level of DMARC protection (45 percent, compared to 70 percent of global retailers), and more UK retailers have no protection in place at all (36 percent, compared to 30 percent globally).
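A domain owner can check which of these tiers their own domain falls into by reading the TXT record published at `_dmarc.<domain>`. The sketch below is an added example, not Proofpoint's methodology: it classifies TXT strings that have already been retrieved, the domains and records are constructed samples, and mapping any valid record that is not fully `p=reject` to the "minimum" tier is an assumption about how the findings are bucketed.

```python
# Added example: classify DMARC TXT records into the tiers used in the findings.
VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if txt is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    if not parts:
        return None
    tags = {}
    for part in parts:
        key, sep, value = part.partition("=")
        if not sep:
            return None  # malformed tag, no "="
        tags[key.strip().lower()] = value.strip()
    # RFC 7489: the first tag must be exactly v=DMARC1
    first_key, _, first_val = parts[0].partition("=")
    if first_key.strip() != "v" or first_val.strip() != "DMARC1":
        return None
    return tags

def classify(txt_records):
    """Map the TXT strings found at _dmarc.<domain> to a protection tier."""
    records = [r for r in map(parse_dmarc, txt_records) if r is not None]
    # RFC 7489: zero or multiple DMARC records means DMARC is not applied
    if len(records) != 1:
        return "no usable DMARC record"
    tags = records[0]
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        return "invalid policy"  # simplification of the RFC's fallback rules
    pct = tags.get("pct", "100")
    pct = int(pct) if pct.isdigit() else 100
    # With pct below 100, only a sample of failing mail is rejected
    if policy == "reject" and pct == 100:
        return "recommended (reject)"
    return "minimum (published, not fully enforcing)"

# Constructed sample records, not real retailer data
SAMPLES = {
    "shop-a.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@shop-a.example"],
    "shop-b.example": ["v=DMARC1; p=none"],
    "shop-c.example": ["v=spf1 -all"],
    "shop-d.example": ["v=DMARC1; p=reject; pct=25"],
    "shop-e.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
}

if __name__ == "__main__":
    for domain, txts in SAMPLES.items():
        print(f"{domain}: {classify(txts)}")
```

The `shop-d` and `shop-e` cases show why a record that merely contains `p=reject` is not enough: a partial `pct` or a duplicate record leaves spoofed mail deliverable.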
“Organisations in all sectors should look to deploy authentication protocols, such as DMARC, to shore up their email fraud defences. Cybercriminals will always leverage key events to drive targeted attacks using social engineering techniques such as impersonation, and will capitalise on a time when guards are down, and attentions are focused on grabbing seasonal bargains. Ahead of Black Friday, shoppers must be vigilant in checking the validity of all emails and retailers must do better to ensure their customers remain safe online”, added Cosgrove.
Proofpoint recommends consumers follow the below top tips to remain safe online while shopping for seasonal bargains:
- Use strong passwords: Do not reuse the same password twice. Consider using a password manager to make your online experience seamless, whilst staying safe. Use multi-factor authentication for an added layer of security.
- Avoid Unprotected WiFi: Free/open-access WiFi is not secure: cybercriminals can intercept data transferred over unprotected WiFi, including credit card numbers, passwords, account information, and more.
- Watch out for “lookalike” sites: Attackers create “lookalike” sites imitating familiar brands. These fraudulent sites may sell counterfeit (or non-existent) goods, be infected with malware, or steal money or credentials.
- Dodge Potential Phishing and Smishing Attacks: Phishing emails lead to unsafe websites that gather personal data, like credentials and credit card data. Watch out for SMS phishing too (aka ‘smishing’) or messages through social media.
- Don’t click on links: Go directly to the source of the advertised deal by typing a known website address directly into your browser. For special offer codes, enter them at the checkout to see if they are legitimate.
- Verify Before You Buy: Fraudulent ads, websites, and mobile apps can be hard to spot. When downloading a new app or visiting an unfamiliar site, take time to read online reviews and any customer complaints.