Canadian Shoppers at Risk of Email Fraud this Black Friday and Cyber Monday

Proofpoint PSAT Holiday Awareness Kit

72 percent of online retailers in Canada are not actively blocking fraudulent emails from reaching consumers

TORONTO, Canada – November, 20 2023 – With days to go until the start of the Black Friday and Cyber Monday shopping period, Proofpoint, a leading cybersecurity and compliance company, today released new research revealing nearly three-quarters (72%) of the top 50 online retailers in Canada are not taking appropriate measures to protect consumers from potential email fraud and cybercrime.

Last year, Canadians spent an estimated $10.3 billion during Cyber Week. This year, nine in ten Canadians plan to shop this holiday season, expecting to spend nearly $900 on gifts, clothing, food, and toys between Black Friday and Cyber Monday according to a recent survey by the Retail Council of Canada.

Proofpoint’s analysis of the top 50 online retailers in Canada based on website traffic and their adoption of DMARC, a widely-used authentication protocol that helps guarantee the identity of email communications and protects website domain names from being spoofed and misused, has found:

  • Only 28% of online retailers have implemented the highest level of protection to reject suspicious emails from reaching consumers’ inboxes, meaning 72% of online retailers in Canada are not actively blocking fraudulent emails from reaching consumers.
  • 30% have no DMARC record in place at all
  • 28% have implemented a monitor policy, meaning unqualified emails can still arrive in the recipient’s inbox; and only 14% have implemented a quarantine policy to direct unqualified emails to spam/junk folders.

“The influx of emails from brands offering great deals during the Black Friday and Cyber Monday shopping period makes it an opportune time for cyber criminals to capitalize on the spike in email traffic and target shoppers with creative and convincing lures and scams,” said Robert Holmes, group vice president and general manager of Proofpoint’s Sender Security and Authentication business. “As consumers search the internet and check their inboxes for the latest shopping bargains, it's important to remain vigilant and practice safe online shopping. Remember that, even on Black Friday and Cyber Monday, if it seems too good to be true, it probably is!”

Email is a widely used marketing tool and a popular channel for cyber criminals to leverage to conduct large-scale phishing campaigns to steal personal information or credit card details that can then be used to engage in identity and financial fraud. DMARC is widely viewed as best-practice in preventing suspicious emails from reaching the inbox, yet nearly one-third of Canada’s leading online retailers aren’t protected, allowing malicious actors to impersonate their brand by delivering malicious emails to consumers’ inboxes.

DMARC (Domain-based Message Authentication, Reporting and Conformance) authenticates an email sender’s identity before allowing a message to reach its intended destination, ensuring the sender is who it says it is to prevent cybercriminals from impersonating a trusted company or brand.

Against this backdrop, Google and Yahoo! recently announced that beginning in February 2024, email DMARC authentication will be required to send messages from their platforms, signaling that critical steps are being taken to prevent spam and scams. These security requirements will apply especially to accounts that send large volumes of emails per day, such as retailers, which will need to have the DMARC authentication protocol deployed. Failure to comply will significantly impact the deliverability of legitimate messages to customers with Gmail and Yahoo! accounts.

“Our 2023 State of the Phish Report revealed that more than a quarter of Canadians think an email is safe if it merely includes familiar branding,” added Holmes. “We encourage Canadians to take extra care this shopping season, avoid clicking on suspicious links in emails and ensure they shop through verified websites. We also encourage consumers to make sure they are doing their due diligence when shopping—not just during Black Friday and Cyber Monday, but whenever they’re spending money and providing personal and financial information online.”

Proofpoint’s tips to stay safe when shopping for seasonal bargains this holiday season:

  • Use Multifactor Authentication (MFA) or a Password Manager: MFA and password managers were invented because passwords and usernames are often easy to guess or steal. Employing MFA and a password manager streamlines your online experience while helping to secure your online accounts.
  • Beware of Imitation Sites: Be vigilant for fraudulent websites that mimic reputable brands. These copycat sites might peddle counterfeit or non-existent products, host malware, or attempt to pilfer money and credentials.
  • Dodge Phishing and Smishing Threats: Stay alert to phishing emails that lead to unsafe websites designed to collect personal data, including login credentials and credit card details. Also, be wary of SMS phishing, or 'smishing,' and messages received through social media.
  • Refrain from Clicking on Links: Avoid clicking on links and instead, directly type the known website address into your browser to access advertised deals. For special offer codes, enter them during the checkout process to verify their legitimacy.
  • Verify Before Making a Purchase: Fraudulent advertisements, websites, and mobile apps can be deceptively convincing. Prior to downloading a new app or visiting an unfamiliar website, invest time in reading online reviews and checking for customer complaints.

To find out more about DMARC, visit:

Methodology: This analysis was conducted in October 2023 using data from SimilarWeb's ranking of the top 50 online retailers in Canada based on website traffic. 

# # #

About Proofpoint, Inc.

Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organizations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Leading organizations of all sizes, including 85 percent of the Fortune 100, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web. More information is available at

Connect with Proofpoint: X | LinkedIn | Facebook | YouTube 

Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.