60 percent of the UK’s top ten online retailers are not actively blocking fraudulent emails from reaching customers
Proofpoint, Inc., (NASDAQ: PFPT) a leading cyber security and compliance company, today released research identifying that only four of the top 10 (40 percent) online retailers in the UK have implemented the strictest level of DMARC (Domain-based Message Authentication, Reporting & Conformance) protection, making them susceptible to cybercriminals spoofing their identity and increasing the risk of email fraud for customers. Worryingly, this leaves online shoppers at 60 percent of top retailers in the UK open to email fraud.
With Black Friday upon us, and over half of UK consumers set to shop on the day, shoppers will be scanning both the internet and their inboxes for the hottest deals. However, cybercriminals may capitalise on the anticipation of email communication from retailers to potentially trick shoppers with fraudulent emails.
“Online retailers may be exposing themselves and their customers to cybercriminals on the hunt for personal and financial data, by not implementing simple, yet effective email authentication best practices,” says Adenike Cosgrove, cybersecurity strategist, International, Proofpoint. “Email continues to be the vector of choice for cybercriminals and the retail industry remains a key target. In fact, Proofpoint researchers saw a 144 percent year-over-year increase in email fraud attacks on the retail industry in 2018.”
Key findings from the research include:
- The UK is leading the charge with DMARC adoption in the ecommerce sector across Europe, with 100 percent of the top ten online retailers in the UK having a published a DMARC record.
- However, only 40 percent have implemented the strictest level of DMARC protection, which actually blocks fraudulent emails from reaching their intended targets, meaning 60 percent are leaving customers open to email fraud.
- The UK’s adoption of the strictest level of DMARC protection in the eCommerce sector is stronger than the European-wide percentage: Only 15 percent of the top 20 European-wide online retailers are proactively blocking fraudulent emails from reaching customers, meaning 85 percent of Europe’s top online retailers are leaving customers open to email fraud.
- Proofpoint analysed eight regions across EMEA in this study, see below for how they rank against each other:
“Organisations in all sectors should look to deploy authentication protocols, such as DMARC to shore up their email fraud defences. Cybercriminals will always leverage key events to drive targeted attacks using social engineering techniques such as impersonation and online retailers are no exception to this. Ahead of Black Friday, consumers must be vigilant in checking the validity of all emails, especially on a day when guards are down, and attentions are focused on grabbing seasonal bargains”, says Adenike Cosgrove, cybersecurity strategist, International, Proofpoint.
Proofpoint’s Domain Fraud Report 2019 also demonstrates how email is heavily used as a threat vector in the retail industry, with the report revealing that for fraudulent domains impersonating
highly recognisable retail brands, Proofpoint researchers observed much higher volumes of email, suggesting more broad-based attacks against customers and partners.
Proofpoint recommends consumers follow the below top tips to remain safe online while shopping for seasonal bargains:
- Use strong passwords: Do not reuse the same password twice. Consider using a password manager to make your online experience seamless, whilst staying safe. Use multi-factor authentication for an added layer of security.
- Avoid Unprotected WiFi: Free/open-access WiFi is not secure: cybercriminals can intercept data transferred over unprotected WiFi, including credit card numbers, passwords, account information, and more.
- Watch out for “lookalike” sites: Attackers create “lookalike” sites imitating familiar brands. These fraudulent sites may sell counterfeit (or non-existent) goods, be infected with malware, or steal money or credentials.
- Dodge Potential Phishing and Smishing Attacks: Phishing emails lead to unsafe websites that gather personal data, like credentials and credit card data. Watch out for SMS phishing too —aka ‘smishing’ — or messages through social media.
- Don’t click on links: Go directly to the source of the advertised deal by typing a known website address directly into your browser. For special offer codes, enter them at the checkout to see if they are legitimate.
- Verify Before You Buy: Fraudulent ads, websites, and mobile apps can be hard to spot. When downloading a new app or visiting an unfamiliar site, take time to read online reviews and any customer complaints.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.