More than half (52%) of the top 50 online retailers in the U.S are not taking sufficient measures to protect consumers from potential email fraud and cybercrime, a new study by cyber protector Proofpoint found.
The stakes are high, the Sunnyvale, California company suggested, pointing to anticipated spending by consumers during the holiday shopping season at nearly $960 billion. Furthermore, based on a recent survey by The National Retail Federation (NRF), consumers plan to spend $875 on core holiday items including gifts, decorations, food and other holiday-related purchases this year.
Proofpoint’s analysis of the top 50 retailers comes according to the NRF and their adoption of DMARC, (Domain-based Message Authentication, Reporting and Conformance), a widely-used authentication protocol that helps guarantee the identity of email communications and protects website domain names from being spoofed and misused.
52% of Online Retailers Bot Blocking Fraudulent Emails
Their analysis has found:
- Less than half (48%) of online retailers in the U.S. have implemented the highest level of protection to reject suspicious emails from reaching consumers’ inboxes, meaning 52% of online retailers are not actively blocking fraudulent emails from reaching consumers.
- More than one in 10 (12%) have no DMARC record in place at all.
- 26% have implemented a monitor policy, meaning unqualified emails can still arrive in the recipient’s inbox; and only 14% have implemented a quarantine policy to direct unqualified emails to spam/junk folders.
“The influx of emails from brands offering great deals during the Black Friday and Cyber Monday shopping period makes it an opportune time for cybercriminals to capitalize on the spike in email traffic and target shoppers with creative and convincing lures and scams,” said Robert Holmes, group vice president and general manager of Proofpoint’s sender security and authentication business.
Despite email being a popular channel for cybercriminals to conduct large-scale phishing campaigns to steal personal information that can then be used to engage in identity and financial fraud, more than one in 10 (12%) leading online retailers aren’t protected at all, allowing malicious actors to impersonate their brand by delivering malicious emails to consumers’ inboxes.
Proofpoint's Safe Shopping Tips
Here are Proofpoint’s tips for consumers to stay safe when shopping this holiday season:
- Employ multi-actor (MFA) and a password manager streamlines your online experience while helping to secure your online accounts.
- Be vigilant for fraudulent websites that mimic reputable brands. These copycat sites might peddle counterfeit or non-existent products, host malware, or attempt to pilfer money and credentials.
- Stay alert to phishing emails that lead to unsafe websites designed to collect personal data, including login credentials and credit card details. Also, be wary of SMS phishing, or "smishing," and messages received through social media.
- Avoid clicking on links and instead, directly type the known website address into your browser to access advertised deals. For special offer codes, enter them during the checkout process to verify their legitimacy.
- Fraudulent advertisements, websites and mobile apps can be deceptively convincing. Prior to downloading a new app or visiting an unfamiliar website, invest time in reading online reviews and checking for customer complaints.
“We encourage shoppers to take extra care this holiday season, avoid clicking on suspicious links in emails and ensure they transact on verified websites," said Holmes. "We also encourage consumers to make sure they are doing their due diligence when shopping — not just during Black Friday and Cyber Monday, but whenever they’re spending money and providing personal and financial information online.”