EDITOR’S QUESTION
HOW CAN BUSINESSES STRENGTHEN SECURITY MEASURES TO SAFEGUARD OPERATIONS AND CUSTOMER DATA DURING PEAK SHOPPING SEASONS?
Proofpoint, a leading cybersecurity and compliance company, has released new research revealing that 40% of the top online retailers in the UK are falling behind on implementing basic cybersecurity measures, leaving customers, staff and partners vulnerable to email fraud during the annual pre-festive shopping season – which kicks off with Black Friday and Cyber Monday this month.
Brits are expected to spend £800 million more during this selling period than in 2023 – but engaging in online deal hunting can leave shoppers vulnerable, with increased email communications from retailers providing cybercriminals with the perfect opportunity to launch phishing attacks and other fraudulent schemes.
The findings are based on Domain-based Message Authentication, Reporting and Conformance (DMARC) adoption analysis of the top 30 retailers in the UK. DMARC is an email validation protocol, designed to protect domain names from being misused by cybercriminals, which authenticates the sender’s identity before allowing a message to reach its intended destination.
DMARC has three levels of protection – monitor, quarantine and reject, with reject being the most secure for preventing suspicious emails from reaching the inbox.
Key findings from the research include:
• Only 60% of the UK’s top retailers have implemented the recommended and strictest level of DMARC protection (reject), which actively blocks fraudulent emails from reaching their intended targets, meaning 40% are leaving consumers, staff and partners open to email fraud
• 7% of the UK’s top retailers have no protection against domain impersonation, leaving consumers at a heightened risk of email fraud. The data indicates a lack of significant progress in improving email security year over year
• This is a slight improvement on the findings in 2023, where 47% of the top retailers were not proactively blocking fraudulent emails from reaching customers
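An added example (not from the article or from Proofpoint's research) of how a domain's published DMARC record maps to the three levels described above: it parses the TXT records found at `_dmarc.<domain>` and tallies the results. The domains and records are constructed, the "partial" and "no protection" labels are this example's own, and `p=none` is the record value behind the monitor level.

```python
from collections import Counter

# The article's name for each DMARC p= value (p=none is the "monitor" level).
LEVELS = {"none": "monitor", "quarantine": "quarantine", "reject": "reject"}

def parse_dmarc(txt):
    """Return the tag dict of a DMARC TXT record, or None if it is not one."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None                      # the version tag must come first
    tags = {}
    for part in parts:
        name, sep, value = part.partition("=")
        if sep:                          # skip malformed tags
            tags.setdefault(name.strip().lower(), value.strip())
    return tags

def classify(txt_records):
    """Map the TXT records at _dmarc.<domain> to a protection level."""
    records = [t for t in map(parse_dmarc, txt_records) if t is not None]
    if len(records) != 1:                # none, or several: DMARC is not applied
        return "no protection"
    tags = records[0]
    level = LEVELS.get(tags.get("p", "").lower())
    if level is None:                    # simplification: bad p= is unprotected
        return "no protection"
    pct = tags.get("pct", "100")
    if level != "monitor" and pct.isdigit() and int(pct) < 100:
        return level + " (partial)"      # policy applied to only pct% of mail
    return level

def tally(domains):
    """Count protection levels across a {domain: [TXT records]} mapping."""
    return Counter(classify(txts) for txts in domains.values())

# Constructed sample data; these are not real retailers or real DNS answers.
SAMPLE = {
    "shop-a.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@shop-a.example"],
    "shop-b.example": ["v=DMARC1; p=quarantine; pct=50"],
    "shop-c.example": ["v=DMARC1; p=none; rua=mailto:dmarc@shop-c.example"],
    "shop-d.example": [],                                   # nothing published
    "shop-e.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],  # duplicate
}

if __name__ == "__main__":
    for domain, txts in SAMPLE.items():
        print(f"{domain:16} {classify(txts)}")
    print(dict(tally(SAMPLE)))
```

A record that looks strict can still leave gaps: a `pct` below 100 applies the policy to only part of the mail, and two published DMARC records cause receivers to apply neither.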
“Black Friday-themed fraudulent emails often take advantage of recipients’ desire to cash in on increasingly attractive deals, creating tempting clickbait for users,” said Matt Cooke, Cybersecurity Strategist at Proofpoint. “These messages may use impersonated branding and tantalising subject lines to convince users to click through, at which point they are often delivered to pages filled with advertising, potential phishing sites, malicious content, or offers for counterfeit goods.
“As with most things, if an offer seems too good to be true or cannot be verified as legitimate marketing you’ve signed up for, recipients should avoid clicking on any links,” added Cooke.
While individuals are crucial in defending against email fraud, their actions also pose a significant vulnerability for organisations. DMARC is the only technology capable of not just defending against but eliminating domain spoofing and the risk of impersonation. Achieving full DMARC compliance allows organisations to prevent malicious emails from reaching inboxes, thus eliminating the risk of human interference.
We ask global cybersecurity experts about the measures both customers and businesses can use to protect their data during the festive season.
WWW.INTELLIGENTCISO.COM