- Report claims 40% of retailers fail to meet email security standards
- DMARC adoption gaps leave shoppers exposed to phishing attacks
- Retailers’ weak protections heighten risks during sales
As shoppers prepare for another season of online deals, new research from Proofpoint reveals a concerning vulnerability among leading retailers.
The findings claim 40% of the UK’s top online retailers have yet to adopt stringent secure email measures, leaving customers exposed to phishing attacks and other email fraud risks.
With an estimated £800 million in increased spending anticipated this year, cybercriminals are ready to exploit the surge in digital transactions.
Weak email security exposes shoppers
Proofpoint’s analysis centers on the adoption of Domain-based Message Authentication, Reporting, and Conformance (DMARC) protocols among the top 30 UK retailers. DMARC authenticates the sender’s identity and helpts to prevent malicious emails from reaching consumers.
However, only 60% of these retailers have implemented the strictest level of DMARC protection, which actively blocks fraudulent messages. Alarmingly, 7% of retailers have no DMARC protection at all, leaving their domains wide open to impersonation and fraud.
While there has been some progress compared to 2023, when 47% of retailers lacked proactive measures, the current level of non-compliance remains a significant concern. The pre-festive shopping season, marked by Black Friday and Cyber Monday, is prime time for cybercriminals to launch attacks.
Fraudulent emails masquerading as legitimate offers from well-known brands are common tactics used to lure unsuspecting shoppers. These emails often contain malicious links, direct users to counterfeit websites, or request sensitive personal information under the guise of verifying purchases.
Proofpoint also warns against “smishing,” or phishing via SMS, as well as social media scams which exploit shoppers’ eagerness to find bargains.
Proofpoint recommends that shoppers avoid reusing passwords across different platforms and use a password manager which simplifies password management while improving overall security. Adding multi-factor authentication to your accounts also provides an extra layer of defense.
Rather than clicking on links embedded in emails or messages, Proofpoint recommends that shoppers manually enter the retailer’s official web address into a web browser, and to research unfamiliar sites by reading customer reviews and checking for complaints.
