More than four-fifths (81%) of UK retailers are putting their customers at risk of email fraud by not implementing the recommended level of domain-based message authentication, reporting and conformance (DMARC) protection.
This is according to a new study by Proofpoint, which warned of a likely surge in fraudulent emails targeting online shoppers ahead of this year’s Black Friday and Cyber Monday.
DMARC is an email authentication, policy and reporting protocol designed to improve and monitor protection of the domain from fraudulent emails. Yet worryingly, ahead of the Black Friday and Christmas shopping periods, Proofpoint said just 19% of UK retailers have adopted the recommended level of DMARC protection (reject), which blocks fraudulent emails from reaching their intended targets.
The research also showed that under half (45%) of UK retailers have implemented the minimum level of DMARC protection, which prevents malicious actors from spoofing their domain. This is significantly lower than the proportion of global retailers (70%) included in the Forbes Global 2000 who have implemented this level of DMARC protection. Additionally, more than a third (36%) of UK retailers have no published DMARC record at all, leaving themselves wide open to impersonation attacks.
Email has become an increasingly important means by which retailers contact customers about offers amid the shift to e-commerce during COVID-19, and fraudsters have heavily exploited this trend.
Adenike Cosgrove, cybersecurity strategist, International, Proofpoint, commented: “Organizations in all sectors should look to deploy authentication protocols, such as DMARC, to shore up their email fraud defenses. Cyber-criminals will always leverage key events to drive targeted attacks using social engineering techniques such as impersonation and will capitalize on a time when guards are down and attentions are focused on grabbing seasonal bargains. Ahead of Black Friday, shoppers must be vigilant in checking the validity of all emails, and retailers must do better to ensure their customers remain safe online.”
Yesterday, Kaspersky released new research, which found online payment fraud surged by 208% between September and October 2021, further highlighting the threats facing online shoppers.
James Coker Reporter, Infosecurity Magazine