Cybersecurity and compliance company Proofpoint has released research which shows that only 65% of the top 20 retailers in the Middle East have implemented the minimum level of DMARC (Domain-based Message Authentication, Reporting & Conformance) protection, meaning 35% are taking no steps to prevent malicious actors spoofing their domain. Worryingly, only 6 out of the top 20 (30%) have the strictest and recommended DMARC policy (‘reject’) in place, meaning 70% are not proactively blocking fraudulent emails from reaching consumers.
With the onset of Ramadan and discount sales, consumers are expected to spend a record breaking $66 billion on retail in the MENA region this year. Millions of shoppers will continue to scour the internet for not only the best Ramadan offers available but will also be inundated with emails promising deals that are too good to miss. Cybercriminals on the prowl often create tempting clickbait for unexpecting consumers and capitalise on the increase in email communication from retailers to trick shoppers with fraudulent emails.
DMARC is an email validation protocol designed to protect domain names from being misused by cybercriminals. It is the best way for organizations to protect email traffic against phishing and other fraudulent activity. DMARC authenticates the sender’s identity before allowing the message to reach its intended designation. ‘Reject’ is the strictest and recommended level of DMARC protection, a setting and policy that blocks fraudulent emails from reaching their intended target.
Emile Abou Saleh, Regional Director, Middle East & Africa at Proofpoint, said: “The retail sector in the Middle East continues to remain as vibrant as ever, with statistics showing that profits from grocery, apparel and electronics retail in the GCC are exceeding the global industry average. In fact, consumer spending in KSA was the highest in the region at over $16bn. With this high traffic of retail activity, Middle East retailers must protect their customers and brand from email fraud.”
Emile added: “Email is the vector of choice for cybercriminals and the retail industry remains a key target.Organizations in all sectors should look to deploy authentication protocols, such as DMARC, to shore up their email fraud defences.”
Proofpoint recommends consumers follow the below top tips to remain safe online while shopping for seasonal bargains:
- Use strong passwords: Do not reuse the same password twice. Consider using a password manager to make your online experience seamless, whilst staying safe. Use multi-factor authentication for an added layer of security.
- Watch out for “lookalike” sites: Attackers create “lookalike” sites imitating familiar brands. These fraudulent sites may sell counterfeit (or non-existent) goods, be infected with malware, or steal money or credentials.
- Dodge Potential Phishing and Smishing Attacks: Phishing emails lead to unsafe websites that gather personal data, like credentials and credit card data. Watch out for SMS phishing too —aka ‘smishing’ — or messages through social media.
- Don’t click on links: Go directly to the source of the advertised deal by typing a known website address directly into your browser. For special offer codes, enter them at the checkout to see if they are legitimate.
- Verify Before You Buy: Fraudulent ads, websites, and mobile apps can be hard to spot. When downloading a new app or visiting an unfamiliar site, take time to read online reviews and any customer complaints.