Research by cybersecurity firm Proofpoint looking into online retail has found that the vast majority of brands remain vulnerable to email fraud. With Black Friday upon us, just 11% of the primary corporate domains of the 159 members of the British Retail Consortium had the strongest level of Domain-based Message Authentication, Reporting & Conformance (DMARC) protection in place.
Many threat actors use domain spoofing to pose as well-known retailers, sending emails from fake addresses that are difficult to distinguish from legitimate ones.
Implementing the strictest level of DMARC protection, however, means organizations can actively block fraudulent emails sent in their name.
- Keep your network secure with the best endpoint protection software
- We've put together a list of the best malware removal software
- Also check out our roundup of the best ransomware protection
The research also found that it wasn’t just UK retailers that were taking unnecessary risks. Looking at the top 20 online retailers across Europe, Proofpoint found that 80% also did not have the strictest DMARC policy in place.
As well as only shopping with sites that have a strong DMARC status in place, there are a few other steps that customers can take to protect their data from cybercriminals looking to impersonate a trusted domain over the shopping season.
Using strong passwords, avoiding unprotected Wi-Fi networks and remaining vigilant against lookalike sites will all help in the fight against fraud. In addition, avoiding suspicious links and watching out for phishing attacks is advised at all times.
“Organisations in all sectors should look to deploy authentication protocols, such as DMARC to shore up their email fraud defences,” Matt Cooke, cybersecurity strategist at Proofpoint, explained.
"Cybercriminals will always leverage key events to drive targeted attacks using social engineering techniques such as impersonation and retailers are no exception to this. Ahead of Black Friday, consumers must be vigilant in checking the validity of all emails, especially on a day when guards are down, and attentions are focused on grabbing seasonal bargains.”
- Also, check out our roundup of the best antivirus software