The £366bn UK retail market is leaving its customers wide open to email fraud, with a new analysis showing that just 2.1% of the top 479 retailers employ basic protection measures to prevent their domains from being spoofed by fraudsters.
Red Sift analysed the domains of top retailers last year, and again in 2018, to check whether they had deployed the email protocol Dmarc, required to negate the threat of email domain impersonation. Only 1% of retailers had implemented the protocol in 2017.
Dmarc is a globally recognised email standard that makes it easier to determine whether an email is from a legitimate sender, and is strongly advocated for by both the UK Government and the National Cyber Security Centre.
With the sector facing the highest number of breach incidents last year, compared to other areas of the UK economy, the Red Sift insists the study’s findings serve as a stark reminder about the threat of email fraud for both retailers and their customers.
As huge volumes of personal data and billing information continued to be stored by the biggest names in UK retail, Red Sift’s increasing the risk of email impersonation, costly breaches and reputational damage.
“Email isn’t only the go-to channel of communication for customer engagement in retail, it’s also used to confirm transactions, exchange payment data and request shipping information. That’s why it’s such a lucrative route for fraudsters to steal customers’ data and money,” said Randal Pinto, COO at Red Sift.
“Sadly, our nation’s favourite brands fall into the 98% of retailers not protecting their domains – which means that we should all be vigilant about the emails we receive, regardless of how legitimate they appear.”
“At a time when UK retailers are under greater scrutiny than ever before – from GDPR to the challenges faced on our high streets – firms must do everything they can to secure customer trust,” continued Pinto. “The Dmarc implementation process no longer needs to be a headache for organisations, so it’s time the retail industry fought back by taking proactive steps to stamp out email fraud and restore confidence among consumers.”
Related stories
UK firms ‘leaving themselves wide open to ransomware’
Firms warned over new wave of nefarious cyber attacks
Data breaches ‘hit shares, sales and growth for years’
