Aussies warned to stay cyber safe ahead of record Black Friday and Cyber Monday
SYDNEY, Australia – 21 November 2022 – With days to go until the start of the Black Friday and Cyber Monday shopping period, Proofpoint, a leading cybersecurity and compliance company, today released new research which found that one quarter (25%) of Australia’s top 100 online retailers are not taking appropriate measures to protect consumers from potential email fraud and cyber crime.
According to the Australian Retailers Association, Australians are expected to spend a record $6.2 billion over the four-day shopping weekend, a $200 million increase on 2021. In the lead-up, Australians are being urged to stay cyber safe in a year of record scam activity, with the ACCC (Australian Competition and Consumer Commission) reporting online shopping scams have been the third most reported type of scam in 2022, with over 13,000 reports and more than $6.6 million in losses¹.
Proofpoint’s analysis of Power Retail’s Top 100 retailers for 2022 and their adoption of Domain-based Message Authentication, Reporting and Conformance (DMARC), a widely used protocol that helps guarantee the identity of email communications and protects website domain names from being misused, has found:
- One quarter (25%) of online retailers have no DMARC record in place, leaving Australians open to email fraud.
- Almost a quarter (23%) of online retailers have implemented the highest level of protection to reject suspicious emails from reaching consumers’ inboxes.
- 43% of online retailers have implemented a monitor policy, meaning unqualified emails still get to the recipient’s inbox.
- 9% have implemented a quarantine policy to direct unqualified emails to spam/junk folders.
DMARC authenticates an email sender’s identity before allowing a message to reach its intended destination, confirming that the sender is who they say they are and preventing cyber criminals from impersonating a trusted company or brand.
Steve Moros, Senior Director, Advanced Technology Group, Asia Pacific and Japan at Proofpoint said:
“The influx of emails from brands offering great deals during the Black Friday and Cyber Monday shopping period makes it an opportune time for cyber criminals to capitalise on the spike in email traffic and target shoppers with creative and convincing lures. As Australians search the internet and check their inboxes for the latest shopping bargains, it's important to remain vigilant and keep safe shopping practices front of mind.
“Email is a widely used marketing tool and therefore a popular channel for cyber criminals to leverage to conduct large-scale phishing campaigns to steal personal information or credit card details that can then be used to engage in identity and financial fraud. DMARC is widely viewed as best-practice in preventing suspicious emails from reaching the inbox, yet our research shows one in four retailers aren’t protected. This leaves them open to being impersonated by cyber criminals who can then deliver malicious emails to consumers’ inboxes.”
The Australian Cyber Security Centre’s Annual Cyber Threat Report revealed that cyber crime reports increased nearly 13% in 2021, to 76,000 – or one report every seven minutes. Fraud, online shopping, and online banking were the top reported cyber crime types, accounting for 54% of all reports.
“The recent spate of high-profile cyber attacks has demonstrated the unfortunate consequences of cyber criminal activity and so our advice to Australians is to take extra care this shopping season, avoid clicking on suspicious links in emails and make sure to only shop through verified websites. Additionally, we encourage Australians to make sure they are doing their due diligence when shopping not just during Black Friday and Cyber Monday but whenever they’re spending money and giving out personal and financial information online,” concluded Mr Moros.
Proofpoint’s tips to stay safe when shopping online:
- Use strong passwords – Do not reuse the same password twice. Consider using a password manager to make your online experience seamless, whilst staying safe. Use two-factor authentication whenever possible.
- Avoid unprotected WiFi – Free/open-access WiFi is not secure: cyber criminals can intercept data transferred over unprotected WiFi, including credit card numbers, passwords, account information, and more.
- Watch out for ‘lookalike’ sites – Attackers create “lookalike” sites imitating familiar brands. These fraudulent sites may sell counterfeit (or non-existent) goods, be infected with malware, or steal money or credentials.
- Dodge phishing and smishing attacks – Phishing emails lead to unsafe websites that gather personal data, like credentials and credit card data. Watch out for SMS phishing too — aka ‘smishing’ — or messages through social media.
- Don’t click on links – Go directly to the source of the advertised deal by typing a known website address directly into your browser. For special offer codes, enter them at the checkout to see if they are legitimate.
- Verify before you buy – Fraudulent ads, websites, and mobile apps can be hard to spot. When downloading a new app or visiting an unfamiliar site, take time to read online reviews and any customer complaints.
What is DMARC?
DMARC is an open email authentication protocol designed to protect domain names from being misused by cyber criminals. It authenticates the sender's identity before allowing the message to reach its intended recipient. Organisations using DMARC can implement three levels of policy for unqualified emails attempting to spoof their domains:
1. Monitor (allows unqualified emails to go to the recipient's inbox or other folders).
2. Quarantine (directs unqualified emails to go to the junk or spam folder).
3. Reject, the highest level of protection (blocks unqualified emails from getting to the recipient).
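The sketch below is an added example, not Proofpoint's methodology or code. It shows how the four categories in the findings above (no record, monitor, quarantine, reject) can be read from the TXT records a domain publishes at `_dmarc.<domain>`. It assumes the standard DMARC tags from RFC 7489, where the monitor level is written `p=none`; the domains and records are constructed samples, and the DNS lookup itself is left out so the code runs offline.

```python
# Added example: map DMARC TXT records to the policy levels described above.
# All domains and records here are constructed samples, not survey data.
from collections import Counter

# DMARC "p" tag value (RFC 7489) -> level name used on this page.
LEVELS = {"none": "monitor", "quarantine": "quarantine", "reject": "reject"}

def parse_dmarc(txt):
    """Return the tags of a DMARC record as a dict, or None if txt is not one."""
    tags = []
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags.append((name.strip().lower(), value.strip()))
    # The version tag must come first and its value must be exactly DMARC1.
    if not tags or tags[0] != ("v", "DMARC1"):
        return None
    return dict(tags)

def classify(txt_records):
    """Classify a domain from the TXT strings found at _dmarc.<domain>."""
    records = [r for r in map(parse_dmarc, txt_records) if r is not None]
    # Zero records, or more than one, means receivers apply no DMARC policy.
    if len(records) != 1:
        return "no record"
    policy = records[0].get("p", "").lower()
    # Simplification: a missing or unknown p value is reported separately.
    return LEVELS.get(policy, "invalid policy")

def summarise(domains):
    """Count how many domains fall into each level."""
    return Counter(classify(txt) for txt in domains.values())

SAMPLE = {  # constructed input
    "shop-a.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@shop-a.example"],
    "shop-b.example": ["v=DMARC1; p=none"],
    "shop-c.example": ["v=DMARC1; p=quarantine; pct=100"],
    "shop-d.example": ["v=spf1 -all"],  # SPF record only, no DMARC
    "shop-e.example": [],               # nothing published
}

if __name__ == "__main__":
    for level, count in summarise(SAMPLE).most_common():
        print(f"{level}: {count}")
```

A domain that publishes two DMARC records is counted as having none, because receivers stop policy discovery when the lookup is ambiguous.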
# # #
About Proofpoint, Inc.
Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organizations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Leading organizations of all sizes, including 75 percent of the Fortune 100, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web. More information is available at www.proofpoint.com.
Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.
¹ Australian Competition and Consumer Commission’s Scamwatch Scam Statistics: 1 January 2022 – 30 September 2022