Credit: Stuart C. Wilson/Getty Images
More than half (52%) of the top 50 online retailers in the U.S are not taking sufficient measures to protect consumers from potential email fraud and cybercrime, a new study by cyber protector Proofpoint found.
The stakes are high, the Sunnyvale, California company suggested, pointing to anticipated spending by consumers during the holiday shopping season at nearly $960 billion. Furthermore, based on a recent survey by The National Retail Federation (NRF), consumers plan to spend $875 on core holiday items including gifts, decorations, food and other holiday-related purchases this year.
Proofpoint’s analysis of the top 50 retailers comes according to the NRF and their adoption of DMARC, (Domain-based Message Authentication, Reporting and Conformance), a widely-used authentication protocol that helps guarantee the identity of email communications and protects website domain names from being spoofed and misused.
Their analysis has found:
“The influx of emails from brands offering great deals during the Black Friday and Cyber Monday shopping period makes it an opportune time for cybercriminals to capitalize on the spike in email traffic and target shoppers with creative and convincing lures and scams,” said Robert Holmes, group vice president and general manager of Proofpoint’s sender security and authentication business.
Despite email being a popular channel for cybercriminals to conduct large-scale phishing campaigns to steal personal information that can then be used to engage in identity and financial fraud, more than one in 10 (12%) leading online retailers aren’t protected at all, allowing malicious actors to impersonate their brand by delivering malicious emails to consumers’ inboxes.
Here are Proofpoint’s tips for consumers to stay safe when shopping this holiday season:
“We encourage shoppers to take extra care this holiday season, avoid clicking on suspicious links in emails and ensure they transact on verified websites,” said Holmes. “We also encourage consumers to make sure they are doing their due diligence when shopping — not just during Black Friday and Cyber Monday, but whenever they’re spending money and providing personal and financial information online.”
Dan Kobialka
The Egress-KnowBe4 API generates insights into the different types of attacks that organizations face.
Dan Kobialka
SlashNext’s QR Code Phishing Protection blocks malicious QR codes in business and personal messaging channels.
Dan Kobialka
Proofpoint adds Tessian’s email data loss prevention (DLP) solutions to its portfolio.