Thursday, 28 November 2019 11:22

Warning: Increased risk of online shoppers’ exposure to email fraud


Australia’s online retailers are susceptible to cybercriminals spoofing their brand identity and increasing the risk of email fraud for customers, according to a new report.

According to research released on Thursday by security firm Proofpoint, 55% of Australia’s top 100 online retailers are vulnerable to attacks because they have no published Domain-based Message Authentication, Reporting & Conformance (DMARC) record.

Proofpoint says that, more worryingly, only 10% of the top online retailers have implemented the strictest level of DMARC protection, which actively blocks fraudulent emails from reaching their intended target, leaving Australian consumers at serious risk of email fraud.

“As the holiday season kicks into high gear, people in all States will be searching the internet and their inboxes for this year’s best bargains. Unfortunately, online retailers may be unknowingly exposing themselves and their customers to cybercriminals on the hunt for personal and financial data,” says Crispin Kerr, Proofpoint Australia Country Manager.

“We anticipate cybercriminals will work to exploit the urgency associated with flash sales by using subject lines prompting users to click in haste and will likely try to use stolen branding and spoofed domains to convince shoppers that an email is legitimate.”

Key findings from Proofpoint’s research, which analysed DMARC records for the top 100 Australian shopping sites according to the e-commerce resource site Power Retail, include:

  • 55% of the top retailers in Australia currently have no published DMARC record, leaving themselves open to impersonation attacks.
  • While 45% have published a DMARC record, only 10% of all observed retailers have implemented the strictest level of DMARC protection, which actually blocks fraudulent emails from reaching their intended target.
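The kind of check behind these findings can be reproduced for your own domains. The following is an added example, not Proofpoint's code or methodology: it classifies the TXT answers for `_dmarc.<domain>` using the parsing rules of RFC 7489. The function names, the four posture labels and the sample records are constructed for illustration.

```python
from collections import Counter

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if txt is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # RFC 7489: the first tag must be v=DMARC1 (the value is case-sensitive).
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts:
        name, sep, value = part.partition("=")
        if sep:  # malformed tags are ignored, not fatal
            tags.setdefault(name.strip().lower(), value.strip())
    return tags

def classify(txt_records):
    """Map the TXT answers for _dmarc.<domain> to one posture label."""
    records = [r for r in map(parse_dmarc, txt_records) if r is not None]
    if len(records) != 1:
        return "no-record"      # nothing published, or ambiguous duplicates
    tags = records[0]
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        # Missing/invalid p: receivers fall back to p=none only if rua is set.
        return "monitor-only" if "rua" in tags else "no-record"
    raw = tags.get("pct", "100")
    pct = int(raw) if raw.isdigit() and int(raw) <= 100 else 100
    if policy == "none":
        return "monitor-only"   # reports only, spoofed mail is still delivered
    if policy == "reject" and pct == 100:
        return "reject"         # the strictest level: failing mail is blocked
    return "partial"            # quarantine, or reject applied to a sample

# Constructed sample answers for illustration; not data from the report.
SAMPLE = {
    "shop-a.example": [],
    "shop-b.example": ["v=DMARC1; p=none; rua=mailto:dmarc@shop-b.example"],
    "shop-c.example": ["v=DMARC1; p=quarantine"],
    "shop-d.example": ["v=DMARC1; p=reject; pct=25"],
    "shop-e.example": ["v=spf1 -all", "v=DMARC1; p=reject; sp=reject"],
    "shop-f.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
}

def survey(answers):
    """Tally posture labels across a {domain: [txt, ...]} mapping."""
    return Counter(classify(txt) for txt in answers.values())

if __name__ == "__main__":
    for domain, txt in SAMPLE.items():
        print(f"{domain:16} {classify(txt)}")
```

To run it against live domains, feed `classify` the TXT strings returned by a DNS lookup of `_dmarc.<domain>`.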

“Organisations in all sectors should look to deploy authentication protocols, such as DMARC, to shore up their email fraud defences. Cybercriminals will always leverage key events to drive targeted attacks using social engineering techniques such as impersonation. Ahead of Black Friday and Cyber Monday, we recommend consumers check the validity of all emails, especially on a day when guards are down, and attentions are focused on grabbing seasonal deals,” concluded Kerr.

Email continues to be the vector of choice for cybercriminals and the retail industry remains a key target. In fact, Proofpoint researchers saw a 144% year-over-year increase in email fraud attacks on the retail industry in 2018.

Proofpoint recommends consumers follow the six tips below to remain safe online while shopping for seasonal bargains:

1. Use strong passwords: Do not use the same password twice. Consider using a password manager to make your online experience seamless, whilst staying safe and protecting account credentials that might be used for fraudulent transactions.

2. Avoid Unprotected WiFi: Free or open-access WiFi is not secure. Cybercriminals can intercept data transferred over unprotected WiFi, including credit card numbers, passwords, account information, and more.

3. Watch out for “lookalike” sites: Attackers create “lookalike” sites imitating familiar brands. These fraudulent sites may sell counterfeit (or non-existent) goods, be infected with malware, or steal money or credentials.

4. Dodge Potential Phishing and Smishing Attacks: Phishing emails lead to unsafe websites that gather personal data, like credentials and credit card data. Watch out for SMS phishing too (aka ‘smishing’), or messages through social media.

5. Don’t click on links: Go directly to the source of the advertised deal by typing a known website address directly into your browser. For special offer codes, enter them at the checkout to see if they are legitimate.

6. Verify Before You Buy: Fraudulent ads, websites, and mobile apps can be hard to spot. When downloading a new app or visiting an unfamiliar site, take time to read online reviews and any customer complaints.




Peter Dinham

Peter Dinham is a co-founder of iTWire and a 35-year veteran journalist and corporate communications consultant. He has worked as a journalist in all forms of media – newspapers/magazines, radio, television, press agency and now, online – including with the Canberra Times, The Examiner (Tasmania), the ABC and AAP-Reuters. As a freelance journalist he also had articles published in Australian and overseas magazines. He worked in the corporate communications/public relations sector, in-house with an airline, and as a senior executive in Australia of the world’s largest communications consultancy, Burson-Marsteller. He also ran his own communications consultancy and was a co-founder in Australia of the global photographic agency, the Image Bank (now Getty Images).


