UK shoppers at risk of email fraud this holiday shopping season

London, UK – 21 November 2023 – Proofpoint, Inc., a leading cyber security and compliance company, today released new research revealing that 40% of the top online retailers in the UK are falling behind on implementing basic cybersecurity measures, leaving customers, staff and partners vulnerable to email fraud during the annual pre-festive shopping season – which kicks off with Black Friday and Cyber Monday later this month. 

Brits are expected to spend £800 million more during this selling period than in 2023 – but engaging in online deal hunting can leave shoppers vulnerable, with increased email communications from retailers providing cybercriminals with the perfect opportunity to launch phishing attacks and other fraudulent schemes. 

The findings are based on Domain-based Message Authentication, Reporting and Conformance (DMARC) adoption analysis of the top 30 retailers in the UK. DMARC is an email validation protocol, designed to protect domain names from being misused by cybercriminals, which authenticates the sender's identity before allowing a message to reach its intended destination. DMARC has three levels of protection – monitor, quarantine and reject, with reject being the most secure for preventing suspicious emails from reaching the inbox. 

Key findings from the research include: 
•    Only 60% of the UK’s top retailers have implemented the recommended and strictest level of DMARC protection (reject), which actively blocks fraudulent emails from reaching their intended targets, meaning 40% are leaving consumers, staff and partners open to email fraud.
•    7% of the UK’s top retailers have no protection against domain impersonation, leaving consumers at a heightened risk of email fraud. The data indicates a lack of significant progress in improving email security year over year. 
•    This is a slight improvement on the findings in 2023, where 47% of the top retailers were not proactively blocking fraudulent emails from reaching customers. 
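The three levels described above correspond to the `p=` tag of the DMARC TXT record a domain publishes at `_dmarc.<domain>` (`none` for monitor, `quarantine`, `reject`, per RFC 7489). The following is an added example, not Proofpoint's code or survey method: it classifies records into those levels and tallies adoption shares, using constructed records for placeholder domains.

```python
# Added example: classify published DMARC policies and tally adoption.
# The domains and TXT records in SAMPLE are constructed, not survey data.
from collections import Counter

# The page's level names, keyed by the DMARC "p=" tag value (RFC 7489).
LEVELS = {"none": "monitor", "quarantine": "quarantine", "reject": "reject"}


def is_dmarc(record):
    """A DMARC record must begin with the exact version tag v=DMARC1."""
    return record.split(";", 1)[0].replace(" ", "") == "v=DMARC1"


def dmarc_level(txt_records):
    """Return the level for the TXT records found at _dmarc.<domain>."""
    candidates = [r.strip() for r in txt_records if is_dmarc(r.strip())]
    # Zero DMARC records, or more than one, means receivers apply no policy.
    if len(candidates) != 1:
        return "no record"
    tags = {}
    for part in candidates[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    # Simplification: a missing or unknown p= value is reported as "invalid".
    return LEVELS.get(tags.get("p"), "invalid")


def adoption_summary(records_by_domain):
    """Percentage of domains at each level, rounded to whole percent."""
    total = len(records_by_domain)
    if not total:
        return {}
    counts = Counter(dmarc_level(r) for r in records_by_domain.values())
    return {level: round(100 * n / total) for level, n in counts.items()}


SAMPLE = {  # constructed records for placeholder domains
    "shop-a.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@shop-a.example"],
    "shop-b.example": ["v=DMARC1; p=quarantine; pct=100"],
    "shop-c.example": ["v=DMARC1; p=none"],
    "shop-d.example": [],  # no TXT record published at _dmarc
    "shop-e.example": ["v=DMARC1; p=reject"],
}

if __name__ == "__main__":
    for domain, records in SAMPLE.items():
        print(f"{domain:16} {dmarc_level(records)}")
    print(adoption_summary(SAMPLE))
```
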

“Black Friday-themed fraudulent emails often take advantage of recipients’ desire to cash in on increasingly attractive deals, creating tempting clickbait for users. These messages may use impersonated branding and tantalising subject lines to convince users to click through, at which point they are often delivered to pages filled with advertising, potential phishing sites, malicious content, or offers for counterfeit goods. As with most things, if an offer seems too good to be true or cannot be verified as legitimate marketing you've signed up for, recipients should avoid clicking on any links,” said Matt Cooke, Cybersecurity Strategist at Proofpoint.

While individuals are crucial in defending against email fraud, their actions also pose a significant vulnerability for organisations. DMARC is the only technology capable of not just defending against but eliminating domain spoofing and the risk of impersonation. Achieving full DMARC compliance allows organisations to prevent malicious emails from reaching inboxes, thus eliminating the risk of human interference.

Proofpoint advises consumers to follow the tips below to remain safe online while shopping for seasonal bargains:

•    Passwords need protecting: Avoid reusing the same password. Utilise a password manager to simplify your online activities while ensuring security, and further enhance protection by implementing multi-factor authentication.
•    Remain vigilant about imitation sites: Be wary of fake websites that imitate well-known brands. These fraudulent sites may sell counterfeit or non-existent items, distribute malware, or try to steal money and personal information.
•    Avoid phishing and smishing threats: Remain vigilant for phishing emails that direct to unsafe websites aiming to gather personal data, such as login credentials and credit card details. Also, exercise caution with SMS phishing ('smishing') and messages received via social media. 
•    Don't click on links: Refrain from clicking on links; instead, manually enter the known website address into your browser to access advertised deals. When using special offer codes, input them during the checkout process to confirm their authenticity. 
•    Confirm before making a purchase: Deceptive advertisements, websites, and mobile apps can appear convincing. Before downloading a new app or visiting an unfamiliar website, take the time to read online reviews and check for customer complaints. 

To find out more about DMARC, visit https://www.proofpoint.com/uk/products/email-fraud-defence.

Methodology:
This analysis was conducted in November 2024 using data from the UK’s top 30 ecommerce retailers.

###

About Proofpoint, Inc.

Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organisations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Leading organisations of all sizes, including 85% of the Fortune 100, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web. More information is available at www.proofpoint.com.  

Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.