According to research released on Thursday by security firm Proofpoint, 55% of Australia’s top 100 online retailers are vulnerable to attacks because they have no published Domain-based Message Authentication, Reporting & Conformance (DMARC) record.
Proofpoint says that, more worryingly, only 10% of the top online retailers have implemented the strictest level of DMARC protection, which actively blocks fraudulent emails from reaching their intended target, leaving Australian consumers at serious risk of email fraud.
“As the holiday season kicks into high gear, people in all States will be searching the internet and their inboxes for this year’s best bargains. Unfortunately, online retailers may be unknowingly exposing themselves and their customers to cybercriminals on the hunt for personal and financial data,” says Crispin Kerr, Proofpoint Australia Country Manager.
Key findings from Proofpoint’s research, which analysed DMARC records for the top 100 Australian shopping sites according to the e-commerce resource site Power Retail, include:
- 55% of the top retailers in Australia currently have no published DMARC record, leaving themselves open to impersonation attacks.
- While 45% have published a DMARC record, only 10% of all observed retailers have implemented the strictest level of DMARC protection, which actually blocks fraudulent emails from reaching their intended target.
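The kind of classification these findings rest on, as an added example that is not Proofpoint's code or data: it maps the TXT strings published at `_dmarc.<domain>` to a policy level, where `p=reject` is the strictest policy defined in RFC 7489. The domains and records are constructed samples, and counting `p=reject` with `pct` below 100 as only partial enforcement is an assumption of this example.

```python
import re
from collections import Counter

VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(txt_records):
    """Return the tags of the one DMARC record in a TXT answer, else None."""
    found = [r for r in txt_records if re.match(r"v\s*=\s*DMARC1\s*(;|$)", r)]
    if len(found) != 1:  # RFC 7489: zero or several records means no policy
        return None
    tags = {}
    for part in found[0].split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def classify(txt_records):
    """Map a TXT answer to no-record / none / quarantine / reject-partial / reject."""
    tags = parse_dmarc(txt_records)
    if tags is None:
        return "no-record"
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        # RFC 7489 6.6.3: an unusable p= falls back to monitoring only if rua= exists
        return "none" if tags.get("rua") else "no-record"
    pct = tags.get("pct", "100")
    if policy == "reject" and pct.isdigit() and int(pct) < 100:
        return "reject-partial"  # assumption: sampled reject is not full blocking
    return policy

def survey(answers):
    """Tally classifications for {domain: TXT strings at _dmarc.<domain>}."""
    return Counter(classify(txts) for txts in answers.values())

# Constructed sample answers (not data from the research described above).
SAMPLE = {
    "shop-a.example": [],
    "shop-b.example": ["v=spf1 -all"],
    "shop-c.example": ["v=DMARC1; p=none; rua=mailto:dmarc@shop-c.example"],
    "shop-d.example": ["v=DMARC1; p=quarantine"],
    "shop-e.example": ["v=DMARC1; p=reject; pct=25"],
    "shop-f.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@shop-f.example"],
    "shop-g.example": ["v=DMARC1; p=none", "v=DMARC1; p=reject"],
    "shop-h.example": ["v=DMARC1; p=rejct; rua=mailto:dmarc@shop-h.example"],
}

if __name__ == "__main__":
    for label, count in survey(SAMPLE).most_common():
        print(f"{label:15} {count}/{len(SAMPLE)}")
```

A published record alone does not block anything: in the sample, only `shop-f.example` is at the level that tells receivers to reject every failing message.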
“Organisations in all sectors should look to deploy authentication protocols, such as DMARC, to shore up their email fraud defences. Cybercriminals will always leverage key events to drive targeted attacks using social engineering techniques such as impersonation. Ahead of Black Friday and Cyber Monday, we recommend consumers check the validity of all emails, especially on a day when guards are down, and attentions are focused on grabbing seasonal deals,” concluded Kerr.
Email continues to be the vector of choice for cybercriminals and the retail industry remains a key target. In fact, Proofpoint researchers saw a 144% year-over-year increase in email fraud attacks on the retail industry in 2018.
Proofpoint recommends consumers follow the six tips below to remain safe online while shopping for seasonal bargains:
1. Use strong passwords: Do not use the same password twice. Consider using a password manager to make your online experience seamless, whilst staying safe and protecting account credentials that might be used for fraudulent transactions.
2. Avoid unprotected WiFi: Free or open-access WiFi is not secure. Cybercriminals can intercept data transferred over unprotected WiFi, including credit card numbers, passwords, account information, and more.
3. Watch out for “lookalike” sites: Attackers create “lookalike” sites imitating familiar brands. These fraudulent sites may sell counterfeit (or non-existent) goods, be infected with malware, or steal money or credentials.
4. Dodge potential phishing and smishing attacks: Phishing emails lead to unsafe websites that gather personal data, like credentials and credit card data. Watch out for SMS phishing too (aka ‘smishing’), or messages through social media.
5. Don’t click on links: Go directly to the source of the advertised deal by typing a known website address directly into your browser. For special offer codes, enter them at the checkout to see if they are legitimate.
6. Verify before you buy: Fraudulent ads, websites, and mobile apps can be hard to spot. When downloading a new app or visiting an unfamiliar site, take time to read online reviews and any customer complaints.