Published on November 28th, 2019 | by Adrian Gunning
Buyers Beware: Aussie Shoppers Could Be Exposed to Email Fraud this Black Friday and Cyber Monday
Proofpoint, Inc. today released research indicating that 55 percent of Australia’s top 100 online retailers have no published DMARC (Domain-based Message Authentication, Reporting & Conformance) record, making them susceptible to cybercriminals spoofing their brand identity and increasing the risk of email fraud for customers. DMARC, an email authentication protocol, verifies that the purported domain of the email sender has not been impersonated.
More worryingly, only 10 percent of the top online retailers have implemented the strictest level of DMARC protection, which actively blocks fraudulent emails from reaching their intended target, leaving Australian consumers at serious risk of email fraud.
“As the holiday season kicks into high gear, people in all States will be searching the internet and their inboxes for this year’s best bargains. Unfortunately, online retailers may be unknowingly exposing themselves and their customers to cybercriminals on the hunt for personal and financial data,” says Crispin Kerr, Proofpoint Australia Country Manager. “We anticipate cybercriminals will work to exploit the urgency associated with flash sales by using subject lines prompting users to click in haste and will likely try to use stolen branding and spoofed domains to convince shoppers that an email is legitimate.”
Key findings from Proofpoint’s research, which analysed DMARC records for the top 100 Australian shopping sites according to the e-commerce resource site Power Retail, include:
- 55% of the top retailers in Australia currently have no published DMARC record, leaving themselves open to impersonation attacks.
- While 45% have published a DMARC record, only 10% of all observed retailers have implemented the strictest level of DMARC protection, which actually blocks fraudulent emails from reaching their intended target.
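How a survey of this kind can separate "no published record" from the strictest policy, as an added example (not Proofpoint's code or methodology). It assumes the strictest level corresponds to the DMARC policy tag `p=reject`; the domains and TXT strings are constructed samples and no DNS lookup is made.

```python
from collections import Counter

POLICIES = ("none", "quarantine", "reject")

def parse_dmarc(txt):
    """Return the tag dict of one TXT string, or None if it is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # The version tag must come first and match "DMARC1" exactly.
    if not parts or "".join(parts[0].split()) != "v=DMARC1":
        return None
    tags = {}
    for part in parts[1:]:
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip().lower()
    return tags

def classify(txt_records):
    """Label the posture implied by the TXT records found at _dmarc.<domain>."""
    found = [t for t in map(parse_dmarc, txt_records) if t is not None]
    if not found:
        return "no record"
    if len(found) > 1:
        return "invalid: multiple records"  # RFC 7489: policy discovery fails
    policy = found[0].get("p")
    if policy not in POLICIES:
        return "invalid: missing or unknown p="
    if policy == "none":
        return "monitor only"  # reports are sent, spoofed mail is still delivered
    pct = found[0].get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        return f"{policy}, partial (pct={pct})"  # applied to a share of mail only
    return policy

# Constructed sample data: domain -> TXT strings returned for _dmarc.<domain>.
SAMPLE = {
    "shop-a.example": [],
    "shop-b.example": ["google-site-verification=constructed-token"],
    "shop-c.example": ["v=DMARC1; p=none; rua=mailto:reports@shop-c.example"],
    "shop-d.example": ["v=DMARC1; p=quarantine; pct=50"],
    "shop-e.example": ["v = DMARC1 ; p = reject"],
    "shop-f.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
}

def summarise(records_by_domain):
    """Count domains per posture label."""
    return Counter(classify(r) for r in records_by_domain.values())

if __name__ == "__main__":
    print(dict(summarise(SAMPLE)))
```

A published record with `p=none` counts as "published" in figures like the 45% above but does not stop spoofed mail, which is why the two numbers differ.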
“Organisations in all sectors should look to deploy authentication protocols, such as DMARC, to shore up their email fraud defences. Cybercriminals will always leverage key events to drive targeted attacks using social engineering techniques such as impersonation. Ahead of Black Friday and Cyber Monday, we recommend consumers check the validity of all emails, especially on a day when guards are down, and attentions are focused on grabbing seasonal deals,” concluded Kerr.
Email continues to be the vector of choice for cybercriminals and the retail industry remains a key target. In fact, Proofpoint researchers saw a 144% year-over-year increase in email fraud attacks on the retail industry in 2018. Proofpoint recommends consumers follow the six tips below to remain safe online while shopping for seasonal bargains:
- Use strong passwords: Do not use the same password twice. Consider using a password manager to make your online experience seamless, whilst staying safe and protecting account credentials that might be used for fraudulent transactions.
- Avoid Unprotected WiFi: Free or open-access WiFi is not secure. Cybercriminals can intercept data transferred over unprotected WiFi, including credit card numbers, passwords, account information, and more.
- Watch out for “lookalike” sites: Attackers create “lookalike” sites imitating familiar brands. These fraudulent sites may sell counterfeit (or non-existent) goods, be infected with malware, or steal money or credentials.
- Dodge Potential Phishing and Smishing Attacks: Phishing emails lead to unsafe websites that gather personal data, like credentials and credit card data. Watch out for SMS phishing too (aka ‘smishing’) or messages through social media.
- Don’t click on links: Go directly to the source of the advertised deal by typing a known website address directly into your browser. For special offer codes, enter them at the checkout to see if they are legitimate.
- Verify Before You Buy: Fraudulent ads, websites, and mobile apps can be hard to spot. When downloading a new app or visiting an unfamiliar site, take time to read online reviews and any customer complaints.