Proofpoint has released research identifying that 65 percent of the top 20 online retailers in the UAE have no published DMARC (Domain-based Message Authentication, Reporting and Conformance) record, making them susceptible to cybercriminals spoofing their identity and increasing the risk of email fraud for customers.
More worryingly, the study noted that only 10 percent have implemented the strictest and recommended level of DMARC protection, which actively blocks fraudulent emails from reaching their intended target, while 90 percent may be putting their online shoppers in the UAE at risk of email fraud.
With the holiday season upon us, online retail traffic is expected to be at a yearly high and consumers will be scanning both the internet and their inboxes for the hottest deals. However, cybercriminals may capitalise on the anticipation of email communication from retailers to potentially trick shoppers with fraudulent emails.
“Online retailers may be exposing themselves and their customers to cybercriminals on the hunt for personal and financial data by not implementing simple, yet effective email authentication best practices,” said Emile Abou Saleh, regional director, Middle East and Africa for Proofpoint. “Email continues to be the vector of choice for cybercriminals and the retail industry remains a key target. In fact, Proofpoint researchers saw a 144 percent year-over-year increase in email fraud attacks on the retail industry in 2018.
Proofpoint analysed eight regions across EMEA in this study, see below ranking:
“Organisations in all sectors should look to deploy authentication protocols, such as DMARC to shore up their email fraud defences. Cybercriminals will always leverage key events to drive targeted attacks using social engineering techniques such as impersonation and online retailers are no exception to this. Consumers must be vigilant in checking the validity of all emails, especially on a day when guards are down, and attentions are focused on grabbing seasonal bargains,” said Abou Saleh.
Proofpoint’s Domain Fraud Report 2019 also demonstrates how email is heavily used as a threat vector in the retail industry, with the report revealing that for fraudulent domains impersonating highly recognisable retail brands, Proofpoint researchers observed much higher volumes of email, suggesting more broad-based attacks against customers and partners.