Email has now become one of the most vital tools of communication, essential in our everyday lives and relied upon for both personal and professional use. It comes as no surprise that approximately 269 billion emails are sent daily and this figure will continue to grow by an estimated 4% over the next few years.
For online and high street retailers, email plays a crucial part in how they do business both internally and externally, which is why it was shocking to learn that in 2017, 99% of the top 479 UK retailers remained vulnerable to email fraud without the necessary means of cybersecurity in place.
What’s more surprising is that, with so many high-profile breaches being reported and with GDPR firmly in place since earlier this year, the number of vulnerable retailers only fell to 97.9% in 2018. With Cyber Monday fast approaching, and now the biggest online shopping day of the year, retailers will be relying on email more than ever, and online security is needed to ensure purchases do not cost customers more than their hard-earned cash.
Email is not only the go-to channel of communication for customer engagement, it’s also used to confirm transactions, exchange payment data and request shipping information. Because it is so broadly used by retailers, it becomes an easy route in for fraudsters, enabling them to target individuals to steal data or money, or even put a stop to retail operations altogether.
For retailers, success is dependent on positive customer relations – consumers trust organisations with their personal data and bank details, and a breach of this trust is harmful to any business, its reputation, and its bottom line. In the UK, 75% of adults admit that they would stop doing business with a company altogether if it was hacked, showing just how much consumers value their data security and how breaking their trust is unforgettable.
Companies that fail to understand the risks associated with email and underestimate the consequences leave themselves open to a number of potential threats. Commonly, hackers are able to mimic email addresses using a domain name that is similar to the company’s; this is known as ‘recipient fraud’ and is visible to an individual should they check the address of the sender (e.g. @ret4iler.com as opposed to @retailer.com).
More sophisticated hackers are able to easily spoof domain names directly, in a way that makes it impossible for the recipient to distinguish an authentic email from a fraudulent one; this is commonly known as ‘sender fraud’. This type of fraud allows the hacker to email a customer or employee and ask for private data, a tactic more commonly known as a phishing scam. Where a company has no protection or method of email verification, the request looks legitimate and the hacker is often successful in their mission. Using this method, fraudsters are able to acquire money and information seemingly on behalf of the company.
Red Sift’s research into the state of cybersecurity in the retail sector was based on whether the brand had a basic email protocol in place which would be able to negate the threat of email domain impersonation. Domain-based Message Authentication, Reporting and Conformance (DMARC) is a globally recognised email standard that makes it easier to determine whether an email is from a legitimate sender.
DMARC has already been widely adopted by most email receivers (Gmail, Yahoo, Microsoft, etc.), meaning that customer inboxes are already protected. If retailers also deployed the protocol, their emails would be validated and phishing attacks would be stopped at the gateway. Not only does DMARC protect the reputation of an organisation, but it also improves deliverability, as email service providers are placing more and more unverified emails into junk folders to safeguard their users.
Despite DMARC being a globally recognised standard of verification, as few as 2.1% of the top 500 retailers have DMARC fully deployed in 2018, meaning that an astonishing number have little or no protection against email fraud. Resistance towards adopting DMARC is likely to occur due to the daunting task of implementing the protocol. However, there are a number of services to help retailers deploy, manage and maintain DMARC to ensure they are fully protected.
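The difference between having a DMARC record and having DMARC fully deployed can be checked from the policy a domain publishes. The following is an added example, not part of the original article or Red Sift's own tooling: it classifies the TXT value found at `_dmarc.<domain>` by enforcement level. The sample domains and records are constructed, and the level names and the reading of "fully deployed" as quarantine or reject applied to all mail are assumptions.

```python
from collections import Counter

# Constructed sample: domain -> TXT value found at _dmarc.<domain> (None = no record).
SAMPLE = {
    "retailer.example": "v=DMARC1; p=reject; rua=mailto:dmarc@retailer.example",
    "shop.example": "v=DMARC1; p=quarantine; pct=25",
    "store.example": "v=DMARC1; p=none; rua=mailto:reports@store.example",
    "outlet.example": "v=spf1 include:_spf.outlet.example -all",  # SPF, not DMARC
    "market.example": None,
}

def parse_dmarc(txt):
    """Return a DMARC record's tags as a dict, or None if txt is not a DMARC record."""
    if not txt:
        return None
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # RFC 7489: the v tag must come first and its value must be exactly DMARC1.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts:
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def classify(txt):
    """Map a record to missing / invalid / monitoring / partial / enforced."""
    tags = parse_dmarc(txt)
    if tags is None:
        return "missing"
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid"
    if policy == "none":
        return "monitoring"  # reports only; failing mail is still delivered
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100  # malformed pct: fall back to the default of 100
    return "enforced" if pct >= 100 else "partial"

def survey(records):
    """Count domains per level and return (counts, share of domains enforced)."""
    counts = Counter(classify(txt) for txt in records.values())
    return counts, 100.0 * counts["enforced"] / len(records)

if __name__ == "__main__":
    counts, enforced_pct = survey(SAMPLE)
    print(dict(counts), f"{enforced_pct:.1f}% enforced")
```

A domain at `p=none` publishes a record and receives reports, but spoofed mail using its name is still delivered, which is why only the enforced level counts as protection here.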
With the majority of customer interactions taking place over email, and only set to grow, retailers must deploy appropriate security solutions to protect their own reputation and maintain a good relationship with their valuable customers.
By Randal Pinto, COO for Red Sift, which uses an open cloud platform to deliver innovative products that protect everyone against cyber attacks.