Thursday, 28 November 2019 11:22

Warning: Increased risk of online shoppers’ exposure to email fraud


Australia’s online retailers are susceptible to cybercriminals spoofing their brand identity and increasing the risk of email fraud for customers, according to a new report.

According to research released on Thursday by security firm Proofpoint, 55% of Australia’s top 100 online retailers are vulnerable to attacks because they have no published Domain-based Message Authentication, Reporting & Conformance (DMARC) record.

Proofpoint says that, more worryingly, only 10% of the top online retailers have implemented the strictest level of DMARC protection, which actively blocks fraudulent emails from reaching their intended target, leaving Australian consumers at serious risk of email fraud.

“As the holiday season kicks into high gear, people in all States will be searching the internet and their inboxes for this year’s best bargains. Unfortunately, online retailers may be unknowingly exposing themselves and their customers to cybercriminals on the hunt for personal and financial data,” says Crispin Kerr, Proofpoint Australia Country Manager.

“We anticipate cybercriminals will work to exploit the urgency associated with flash sales by using subject lines prompting users to click in haste and will likely try to use stolen branding and spoofed domains to convince shoppers that an email is legitimate.”

Key findings from Proofpoint’s research, which analysed DMARC records for the top 100 Australian shopping sites according to the e-commerce resource site Power Retail, include:

  • 55% of the top retailers in Australia currently have no published DMARC record, leaving themselves open to impersonation attacks.
  • While 45% have published a DMARC record, only 10% of all observed retailers have implemented the strictest level of DMARC protection, which actually blocks fraudulent emails from reaching their intended target.
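The distinction the findings draw, between no record, a published record, and the strictest level, can be read straight from the TXT records at `_dmarc.<domain>`. The sketch below is an added example, not Proofpoint's methodology or code from the article; it assumes the tag names of RFC 7489, where the strictest policy is `p=reject`, and uses constructed domains and records.

```python
from collections import Counter

def parse_dmarc(txt_records):
    """Return the tags of the one usable DMARC record, or None."""
    usable = []
    for txt in txt_records:
        parts = [p.strip() for p in txt.split(";") if p.strip()]
        # The version tag v=DMARC1 must come first in a DMARC record.
        if not parts or parts[0].replace(" ", "") != "v=DMARC1":
            continue  # e.g. an SPF or site-verification TXT record
        tags = {}
        for part in parts:
            key, _, value = part.partition("=")
            tags[key.strip().lower()] = value.strip()
        usable.append(tags)
    # RFC 7489: zero records or several records means no policy is applied.
    return usable[0] if len(usable) == 1 else None

def enforcement_level(txt_records):
    tags = parse_dmarc(txt_records)
    if tags is None:
        return "none-published"
    policy = tags.get("p", "").lower()
    if policy == "none":
        return "monitor"          # reports only, nothing is blocked
    if policy == "quarantine":
        return "quarantine"
    if policy != "reject":
        return "none-published"   # simplification: missing/unknown p= is unusable
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100                 # malformed pct falls back to the default
    # p=reject applied to only a share of mail is not full enforcement.
    return "reject" if pct >= 100 else "reject-partial"

# Constructed sample: TXT answers for _dmarc.<domain>, not real retailers.
SAMPLE = {
    "shop-a.example": [],
    "shop-b.example": ["v=DMARC1; p=none; rua=mailto:dmarc@shop-b.example"],
    "shop-c.example": ["v=DMARC1; p=quarantine; pct=50"],
    "shop-d.example": ["v=DMARC1; p=reject"],
    "shop-e.example": ["v=DMARC1; p=reject; pct=25"],
    "shop-f.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
    "shop-g.example": ["v=spf1 -all"],
    "shop-h.example": ["v=DMARC1;p=REJECT;"],
}

def survey(domains):
    """Count domains per enforcement level."""
    return Counter(enforcement_level(r) for r in domains.values())
```
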

“Organisations in all sectors should look to deploy authentication protocols, such as DMARC, to shore up their email fraud defences. Cybercriminals will always leverage key events to drive targeted attacks using social engineering techniques such as impersonation. Ahead of Black Friday and Cyber Monday, we recommend consumers check the validity of all emails, especially on a day when guards are down, and attentions are focused on grabbing seasonal deals,” concluded Kerr.

Email continues to be the vector of choice for cybercriminals and the retail industry remains a key target. In fact, Proofpoint researchers saw a 144% year-over-year increase in email fraud attacks on the retail industry in 2018.

Proofpoint recommends consumers follow the six tips below to remain safe online while shopping for seasonal bargains:

1. Use strong passwords: Do not use the same password twice. Consider using a password manager to make your online experience seamless, whilst staying safe and protecting account credentials that might be used for fraudulent transactions.

2. Avoid Unprotected WiFi: Free or open-access WiFi is not secure. Cybercriminals can intercept data transferred over unprotected WiFi, including credit card numbers, passwords, account information, and more.

3. Watch out for “lookalike” sites: Attackers create “lookalike” sites imitating familiar brands. These fraudulent sites may sell counterfeit (or non-existent) goods, be infected with malware, or steal money or credentials.

4. Dodge Potential Phishing and Smishing Attacks: Phishing emails lead to unsafe websites that gather personal data, like credentials and credit card data. Watch out for SMS phishing too (aka ‘smishing’) or messages through social media.

5. Don’t click on links: Go directly to the source of the advertised deal by typing a known website address directly into your browser. For special offer codes, enter them at the checkout to see if they are legitimate.

6. Verify Before You Buy: Fraudulent ads, websites, and mobile apps can be hard to spot. When downloading a new app or visiting an unfamiliar site, take time to read online reviews and any customer complaints.




Peter Dinham

Peter Dinham is a co-founder of iTWire and a 35-year veteran journalist and corporate communications consultant. He has worked as a journalist in all forms of media – newspapers/magazines, radio, television, press agency and now, online – including with the Canberra Times, The Examiner (Tasmania), the ABC and AAP-Reuters. As a freelance journalist he also had articles published in Australian and overseas magazines. He worked in the corporate communications/public relations sector, in-house with an airline, and as a senior executive in Australia of the world’s largest communications consultancy, Burson-Marsteller. He also ran his own communications consultancy and was a co-founder in Australia of the global photographic agency, the Image Bank (now Getty Images).


