SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australian retailers jeopardise online shopper safety with poor cybersecurity
Tue, 21st Nov 2023

As Black Friday and Cyber Monday draw closer, Australian shoppers' safety might be at risk due to lax cybersecurity measures of many Australian retailers.

New research from Proofpoint, a leading cybersecurity and compliance company, has discovered that 70% of Australia's top 100 retailers are not taking basic cybersecurity measures. This leaves shoppers vulnerable to email fraud during the holiday shopping season.

The research is based on a Domain-based Message Authentication, Reporting and Conformance (DMARC) analysis of 100 of Australia's top retailers. DMARC is an email authentication protocol that protects a domain name from being spoofed by cybercriminals: a receiving mail server checks that a message claiming to come from the domain was in fact authorised by it before delivering the message. The domain owner chooses one of three policy levels for messages that fail this check: monitor, quarantine, or reject, with reject being the most secure because it stops suspicious emails from reaching the inbox at all.

The research found that 70% of Australia's top retailers have not adopted the recommended and strictest level of DMARC protection, leaving themselves open to email fraud and domain spoofing attacks. More concerning is that 21% of Australia's top retailers haven't implemented a DMARC record.

The Australian Retailers Association's research suggests shoppers are expected to spend AUD $6.36 billion during this year's four-day Black Friday/Cyber Monday weekend, a 3% increase from last year. This surge in online shopping will result in increased email communication between retailers and consumers, providing cybercriminals an opportunity for sophisticated email-based attacks.

Steve Moros, Senior Director, Advanced Technology Group, Asia Pacific and Japan at Proofpoint, stated, "With Black Friday and Cyber Monday sales kicking off this month, consumers are at an increased risk of falling for email-based phishing attacks. We remind shoppers to check the validity of their emails and urge retailers to tighten email security ahead of the upcoming holiday shopping season."

The full findings from Proofpoint's DMARC analysis reveal that while 79% of Australia's top retailers have adopted the DMARC protocol, only 30% implement it at the recommended, strictest level that blocks suspicious emails. Across the 100 retailers, 30% use the highest level of protection, DMARC - Reject, 13% use DMARC - Quarantine, and 36% use DMARC - Monitor.
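As an added illustration, not taken from the article or from Proofpoint's study, the following Python snippet shows how a domain's published DMARC TXT record maps onto the three policy levels described above and how a set of such records is tallied into a distribution like the one reported. The domain names and records are constructed samples.

```python
# Constructed sample _dmarc TXT records for hypothetical retailer domains (not real data).
SAMPLE_RECORDS = {
    "retailer-a.example": "v=DMARC1; p=reject; rua=mailto:dmarc@retailer-a.example",
    "retailer-b.example": "v=DMARC1; p=quarantine; pct=50; rua=mailto:rep@retailer-b.example",
    "retailer-c.example": "v=DMARC1; p=none; rua=mailto:rep@retailer-c.example",
    "retailer-d.example": None,                                  # no _dmarc record at all
    "retailer-e.example": "v=spf1 include:_spf.example -all",    # wrong record type at _dmarc
}

LEVELS = {"none": "monitor", "quarantine": "quarantine", "reject": "reject"}


def parse_dmarc(record):
    """Split a DMARC TXT record into a tag dict; None if it is not a usable DMARC record."""
    if not record:
        return None
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    # v=DMARC1 must be present; a record with no p= tag is treated here as unenforceable.
    if tags.get("v", "").upper() != "DMARC1" or "p" not in tags:
        return None
    return tags


def classify(record):
    """Return 'no record', 'monitor', 'quarantine' or 'reject' for one TXT record."""
    tags = parse_dmarc(record)
    if tags is None:
        return "no record"
    return LEVELS.get(tags["p"].lower(), "no record")  # unknown p= value: receivers ignore it


def enforcement_pct(record):
    """Fraction of failing mail the policy actually applies to (pct= tag, default 100)."""
    tags = parse_dmarc(record) or {}
    pct = tags.get("pct", "100")
    return int(pct) if pct.isdigit() else 100


def distribution(records):
    """Count domains per policy level, as a DMARC survey of many domains would."""
    counts = {"no record": 0, "monitor": 0, "quarantine": 0, "reject": 0}
    for record in records.values():
        counts[classify(record)] += 1
    return counts
```

Note that a record at quarantine or reject with pct below 100 only enforces on a sample of failing mail, so a survey that reads just the p= tag slightly overstates real protection.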

In conclusion, Moros emphasised, "It is critical that retailers fortify their defences against email fraud and safeguard customers, staff, and stakeholders from malicious attacks by implementing the highest possible DMARC protocol. By achieving full DMARC compliance, retailers can prevent malicious emails from reaching consumers' inboxes, safeguarding them both from a potentially catastrophic data breach."

As part of the safety measures, Proofpoint recommends that consumers protect passwords, beware of imitation sites, dodge phishing and smishing threats, refrain from clicking on links, and verify before making any online purchases.

Reflecting the growing concern over this issue, both Google and Yahoo! announced that from February 2024, they will require email authentication to be able to send messages from their platforms. These security requirements will be especially important for accounts that send large volumes of emails per day, such as retailers.