Holiday shoppers face rising risks as email fraud targets weak retailer security

Someone using an ecommerce website on their laptop.

(Image credit: 123RF)

Report claims 40% of retailers fail to meet email security standards
DMARC adoption gaps leave shoppers exposed to phishing attacks
Retailers’ weak protections heighten risks during sales

As shoppers prepare for another season of online deals, new research from Proofpoint reveals a concerning vulnerability among leading retailers.

The findings claim 40% of the UK’s top online retailers have yet to adopt stringent secure email measures, leaving customers exposed to phishing attacks and other email fraud risks.

With an estimated £800 million in increased spending anticipated this year, cybercriminals are ready to exploit the surge in digital transactions.

Weak email security exposes shoppers

Proofpoint’s analysis centers on the adoption of Domain-based Message Authentication, Reporting, and Conformance (DMARC) protocols among the top 30 UK retailers. DMARC authenticates the sender’s identity and helpts to prevent malicious emails from reaching consumers.

However, only 60% of these retailers have implemented the strictest level of DMARC protection, which actively blocks fraudulent messages. Alarmingly, 7% of retailers have no DMARC protection at all, leaving their domains wide open to impersonation and fraud.

While there has been some progress compared to 2023, when 47% of retailers lacked proactive measures, the current level of non-compliance remains a significant concern. The pre-festive shopping season, marked by Black Friday and Cyber Monday, is prime time for cybercriminals to launch attacks.

Fraudulent emails masquerading as legitimate offers from well-known brands are common tactics used to lure unsuspecting shoppers. These emails often contain malicious links, direct users to counterfeit websites, or request sensitive personal information under the guise of verifying purchases.

Proofpoint also warns against "smishing," or phishing via SMS, as well as social media scams which exploit shoppers’ eagerness to find bargains.

Proofpoint recommends that shoppers avoid reusing passwords across different platforms and use a password manager which simplifies password management while improving overall security. Adding multi-factor authentication to your accounts also provides an extra layer of defense.

Rather than clicking on links embedded in emails or messages, Proofpoint recommends that shoppers manually enter the retailer's official web address into a web browser, and to research unfamiliar sites by reading customer reviews and checking for complaints.

These are the best business laptops around today
Take a look at our guide to the best 3D printers
Forcing workers to return to the office has led to firms losing their best employees

TOPICS

Efosa has been writing about technology for over 7 years, initially driven by curiosity but now fueled by a strong passion for the field. He holds both a Master's and a PhD in sciences, which provided him with a solid foundation in analytical thinking. Efosa developed a keen interest in technology policy, specifically exploring the intersection of privacy, security, and politics. His research delves into how technological advancements influence regulatory frameworks and societal norms, particularly concerning data protection and cybersecurity. Upon joining TechRadar Pro, in addition to privacy and technology policy, he is also focused on B2B security products. Efosa can be contacted at this email: udinmwenefosa@gmail.com