Online shoppers in the UK at risk of email fraud this Black Friday and Cyber Monday

60 percent of the UK’s top ten online retailers are not actively blocking fraudulent emails from reaching customers

Proofpoint, Inc., (NASDAQ: PFPT) a leading cyber security and compliance company, today released research identifying that only four of the top 10 (40 percent) online retailers in the UK have implemented the strictest level of DMARC (Domain-based Message Authentication, Reporting & Conformance) protection, which protects them from cybercriminals spoofing their identity and decreases the risk of email fraud for customers.  Worryingly, this leaves online shoppers at 60 percent of top retailers in the UK open to email fraud.

With Black Friday upon us, and over half of UK consumers set to shop on the day, shoppers will be scanning both the internet and their inboxes for the hottest deals. However, cybercriminals may capitalise on the anticipation of email communication from retailers to potentially trick shoppers with fraudulent emails.

Online retailers may be exposing themselves and their customers to cybercriminals on the hunt for personal and financial data, by not implementing simple, yet effective email authentication best practices,” says Adenike Cosgrove, cybersecurity strategist, International, Proofpoint. “Email continues to be the vector of choice for cybercriminals and the retail industry remains a key target. In fact, Proofpoint researchers saw a 144 percent year-over-year increase in email fraud attacks on the retail industry in 2018.

Key findings from the research include:

  • The UK is leading the charge with DMARC adoption in the ecommerce sector across Europe, with 100 percent of the top ten online retailers in the UK having a published a DMARC record.
  • However, only 40 percent have implemented the strictest level of DMARC protection, which actually blocks fraudulent emails from reaching their intended targets, meaning 60 percent are leaving customers open to email fraud.
  • The UK’s adoption of the recommended level of DMARC protection in the eCommerce sector is stronger than the European-wide percentage: Only 15 percent of the top 20 European-wide online retailers are proactively blocking fraudulent emails from reaching customers, meaning 85 percent of Europe's top online retailers are leaving customers open to email fraud.
  • Proofpoint analysed eight regions across EMEA in this study, see below for how they rank against each other:

Organisations in all sectors should look to deploy authentication protocols, such as DMARC to shore up their email fraud defences. Cybercriminals will always leverage key events to drive targeted attacks using social engineering techniques such as impersonation and online retailers are no exception to this. Ahead of Black Friday, consumers must be vigilant in checking the validity of all emails, especially on a day when guards are down, and attentions are focused on grabbing seasonal bargains”, says Adenike Cosgrove, cybersecurity strategist, International, Proofpoint.

Proofpoint’s Domain Fraud Report 2019 also demonstrates how email is heavily used as a threat vector in the retail industry, with the report revealing that for fraudulent domains impersonating highly recognisable retail brands, Proofpoint researchers observed much higher volumes of email, suggesting more broad-based attacks against customers and partners.

Proofpoint recommends consumers follow the below top tips to remain safe online while shopping for seasonal bargains:

About DMARC:

For many organisations, the road to easing email fraud risk is paved with DMARC (Domain-based Message Authentication, Reporting and Conformance), an email protocol being adopted globally as the passport control of the email security world. It verifies that the purported domain of the sender has not been impersonated.  DMARC verification relies on the established DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework) standards to ensure the email is not spoofing the domain. This authentication protects employees, customers, and partners from cybercriminals looking to impersonate a trusted domain.

To find out more about DMARC, visit


To assess the level of DMARC adoption among online retailers in the UK, Proofpoint conducted an analysis of the primary corporate domains of the top 10 online retailers, as outlined in the Top 10 e-commerce Sites in the UK 2019 by Disfold. The analysis of the top 20 Europe-wide online retailers was carried out based on the Top 100 e-commerce retailers in Europe by Retail-Index. All analyses were carried out in November 2019.


About Proofpoint, Inc.

Proofpoint, Inc. (NASDAQ: PFPT) is a leading cybersecurity company that protects organisations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyberattacks. Leading organisations of all sizes, including more than half of the Fortune 1000, rely on Proofpoint’s people-centric security and compliance solutions to mitigate their most critical risks across email, the cloud, social media, and the web. More information is available at

Connect with Proofpoint: Twitter | LinkedIn | Facebook | YouTube

Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.