Intelligent Fin.tech Issue 27 | Page 25

HOW CAN BUSINESSES STRENGTHEN SECURITY MEASURES TO SAFEGUARD OPERATIONS AND CUSTOMER DATA DURING PEAK SHOPPING SEASONS?
EDITOR’S QUESTION
Proofpoint, a leading cybersecurity and compliance company, has released new research revealing that 40% of the top online retailers in the UK are falling behind on implementing basic cybersecurity measures, leaving customers, staff and partners vulnerable to email fraud during the annual pre-festive shopping season.
Engaging in online deal hunting can leave shoppers vulnerable, with increased email communications from retailers providing cybercriminals with the perfect opportunity to launch phishing attacks and other fraudulent schemes.
The findings are based on Domain-based Message Authentication, Reporting and Conformance (DMARC) adoption analysis of the top 30 retailers in the UK. DMARC is an email validation protocol, designed to protect domain names from being misused by cybercriminals, which authenticates the sender’s identity before allowing a message to reach its intended destination.
DMARC has three levels of protection – monitor, quarantine and reject, with reject being the most secure for preventing suspicious emails from reaching the inbox.
Key findings from the research include:
• Only 60% of the UK’s top retailers have implemented the recommended and strictest level of DMARC protection (reject), which actively blocks fraudulent emails from reaching their intended targets, meaning 40% are leaving consumers, staff and partners open to email fraud
• 7% of the UK’s top retailers have no protection against domain impersonation, leaving consumers at a heightened risk of email fraud. The data indicates a lack of significant progress in improving email security year over year
• This is a slight improvement on the findings in 2023, where 47% of the top retailers were not proactively blocking fraudulent emails from reaching customers
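As an added illustration (not part of the article or of Proofpoint's research), the Python example below shows how a domain's published DMARC record maps to the three levels described above and how an adoption share of the kind reported can be computed. The domains and records are constructed samples; in the DMARC record syntax the monitor level is written `p=none`, and records without a usable `p` tag are counted as unprotected here by assumption.

```python
from collections import Counter

# DMARC p= values mapped to the level names used in the article.
LEVELS = {"none": "monitor", "quarantine": "quarantine", "reject": "reject"}

# Constructed sample: TXT values as they would be published at _dmarc.<domain>.
SAMPLE = {
    "shop-a.example": "v=DMARC1; p=reject; rua=mailto:dmarc@shop-a.example",
    "shop-b.example": "v=DMARC1; p=quarantine; pct=50",
    "shop-c.example": "v=DMARC1; p=none; rua=mailto:dmarc@shop-c.example",
    "shop-d.example": "v=DMARC1; p=reject; pct=25",
    "shop-e.example": None,  # no DMARC record published
}

def parse_tags(txt):
    """Split 'v=DMARC1; p=reject; pct=100' into an ordered tag dict."""
    tags = {}
    for part in txt.split(";"):
        name, sep, value = part.partition("=")
        if sep and name.strip():
            tags.setdefault(name.strip().lower(), value.strip())
    return tags

def classify(txt):
    """Return (level, enforced_on_all_mail) for one domain's DMARC record."""
    tags = parse_tags(txt or "")
    # A valid record must start with the version tag v=DMARC1.
    if next(iter(tags.items()), None) != ("v", "DMARC1"):
        return ("no protection", False)
    level = LEVELS.get(tags.get("p", "").lower())
    if level is None:  # missing or unknown p: counted as unprotected here
        return ("no protection", False)
    try:
        pct = int(tags.get("pct", "100"))  # pct defaults to 100
    except ValueError:
        pct = 100
    # Monitor enforces nothing; pct below 100 covers only part of the mail.
    return (level, level != "monitor" and pct == 100)

def summarise(records):
    """Return (count per level, percentage of domains at full reject)."""
    counts, full_reject = Counter(), 0
    for txt in records.values():
        level, full = classify(txt)
        counts[level] += 1
        full_reject += int(level == "reject" and full)
    share = round(100 * full_reject / len(records)) if records else 0
    return counts, share

if __name__ == "__main__":
    print(summarise(SAMPLE))
```

A domain publishing `p=reject` with a `pct` value below 100 is reported separately from full reject, because the policy then applies to only part of its mail.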
“Black Friday-themed fraudulent emails often take advantage of recipients’ desire to cash in on increasingly attractive deals, creating tempting clickbait for users,” said Matt Cooke, Cybersecurity Strategist at Proofpoint. “These messages may use impersonated branding and tantalising subject lines to convince users to click through, at which point they are often delivered to pages filled with advertising, potential phishing sites, malicious content, or offers for counterfeit goods.
“As with most things, if an offer seems too good to be true or cannot be verified as legitimate marketing you’ve signed up for, recipients should avoid clicking on any links,” added Cooke.
While individuals are crucial in defending against email fraud, their actions also pose a significant vulnerability for organisations. DMARC is the only technology capable of not just defending against but eliminating domain spoofing and the risk of impersonation. Achieving full DMARC compliance allows organisations to prevent malicious emails from reaching inboxes, thus eliminating the risk of human interference.
We ask global cybersecurity experts about the measures both customers and businesses can use to protect their data during the festive season.