Beware of cybercriminals this Black Friday – Online shoppers in the UAE at risk of email fraud
- As ecommerce surges towards annual peak, online shoppers are more vulnerable to receiving fraudulent emails from their favourite retailers.
- 85 percent of the top 20 online retailers in the UAE are not actively blocking fraudulent emails from reaching customers
Dubai, United Arab Emirates, 22 November, 2020 – Proofpoint, Inc., (NASDAQ: PFPT) a leading cyber security and compliance company, today released research identifying that 13 of the top 20 online retailers in the UAE (65 percent), have no published DMARC (Domain-based Message Authentication, Reporting & Conformance) record. This makes them susceptible to cybercriminals spoofing their identity and increases the risk of email fraud for their customers.
Despite this, only 15 percent of leading retailers – or 3 out of the top 20 – have implemented the strictest and recommended level of DMARC protection, which actively blocks fraudulent emails from reaching their intended target. Worryingly, 85 percent of leading online retailers are not proactively blocking fraudulent emails, leaving their customers in the UAE vulnerable to email fraud.
Cybercriminals regularly use the method of domain spoofing to pose as well-known brands, by sending an email from a supposedly legitimate sender address. These emails are designed to trick people into clicking on links or sharing personal details which can then be used to steal money or identities and it can be almost impossible for an ordinary Internet user to identify a fake sender from a real one. Having a DMARC policy in place, protects employees, customers, and partners from cybercriminals looking to impersonate a trusted domain.
In 2020, online shopping has grabbed an ever-increasing market share, given the changing dynamics of retail in the COVID-19 era. According to Kearney Middle East, the e-commerce sector in the GCC is expected to reach $50bn by 2025, and the current pandemic has been the main driver for this growth. With Black Friday (November 27) and Cyber Monday (November 30) approaching, online retail traffic is expected to surge to an annual high, as consumers scour the Internet and scan their inboxes for the hottest deals.
Emile Abou Saleh, Regional Director, Middle East and Africa for Proofpoint, said: “Retailers should prioritise protecting themselves and their customers by implementing simple, yet effective email authentication best practices. Ahead of Black Friday and Cyber Monday, consumers must remain vigilant and check the validity of all emails, especially at a time when their attention is more likely to be focused on grabbing the best deals. With greater numbers of people now online, organisations in all sectors should deploy authentication protocols, such as DMARC, to bolster their email fraud defences and protect customers and businesses.”
Cybercrime is a real threat facing millions of online shoppers this festive season. Cybercriminals typically leverage key events to drive targeted attacks using social engineering techniques such as impersonation. Email remains the vector of choice for cybercriminals and the retail industry a key target. As shoppers anticipate deals over emails from retailers during this time, cybercriminals send fraudulent emails, and steal personal or financial data.
For many organisations, the road to easing email fraud risk is paved with DMARC (Domain-based Message Authentication, Reporting and Conformance), an email protocol being adopted globally as the passport control of the email security world. It verifies that the purported domain of the sender has not been impersonated. DMARC verification relies on the established DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework) standards to ensure the email is not spoofing the domain. This authentication protects employees, customers, and partners from cybercriminals looking to impersonate a trusted domain.
To find out more about DMARC, visit https://www.proofpoint.com/uk/products/email-fraud-defence.
To assess the level of DMARC adoption among online retailers in the Middle East, Proofpoint conducted an analysis of the primary corporate domains of the top 20 online retailers.
About Proofpoint, Inc.
Proofpoint, Inc. (NASDAQ: PFPT) is a leading cybersecurity company that protects organizations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Leading organizations of all sizes, including more than half of the Fortune 1000, rely on Proofpoint’s people-centric security and compliance solutions to mitigate their most critical risks across email, the cloud, social media, and the web. More information is available at www.proofpoint.com.