- Report claims 40% of retailers fail to meet email security standards
- DMARC adoption gaps leave buyers exposed to phishing attacks
- Weak retailer protections increase risks during sales
As shoppers prepare for another season of online deals, new research from Proofpoint reveals a worrying vulnerability among major retailers.
The findings claim that 40% of the UK’s top online retailers have yet to adopt strict email security measures, leaving customers exposed to phishing attacks and other email fraud risks.
With an estimated £800 million increase in spending expected this year, cybercriminals are ready to take advantage of the rise in digital transactions.
Weak email security exposes buyers
Proofpoint’s analysis focuses on the adoption of Domain-based Message Authentication, Reporting and Compliance (DMARC) protocols among the top 30 UK retailers. DMARC authenticates the sender’s identity and helps prevent malicious emails from reaching consumers.
However, only 60% of these retailers have implemented the strictest level of DMARC protection, which actively blocks fraudulent messages. Alarmingly, 7% of retailers have no DMARC protection at all, leaving their domains exposed to phishing and fraud.
While there has been some progress compared to 2023, when 47% of retailers lacked proactive measures, the current level of non-compliance remains a major concern. The pre-holiday shopping season, marked by Black Friday and Cyber Monday, is the ideal time for cybercriminals to launch attacks.
Scam emails posing as legitimate offers from well-known brands are common tactics used to lure in unsuspecting buyers. These emails often contain malicious links, direct users to spoofed websites, or request sensitive personal information under the guise of verifying purchases.
Proofpoint also warns against smishing or phishing via SMS, as well as social media scams that exploit shoppers’ eagerness to find bargains.
Proofpoint recommends that buyers avoid reusing passwords across different platforms and use a password manager that simplifies password management while improving overall security. Adding multi-factor authentication to your accounts also provides an additional layer of defense.
Instead of clicking on links included in emails or messages, Proofpoint recommends that shoppers manually enter the retailer’s official web address into a web browser and investigate unfamiliar sites by reading customer reviews and looking for complaints.
