Feb 23, 2018 - Industry insights
E-retailers Open Customers to Phishing
We’ve seen it time and again: spoofed emails used as a phishing tactic to capture a user’s account details, steal their information and in some cases spy on them. But what if you knew the cause was flaws in the websites of some of the top high street brands? These are brands that we know, we love and, most importantly, we trust: brands like Debenhams, which only a few months ago reported a phishing scam that sent its customers e-receipts for items they had not purchased.
This issue is escalating because of three things, a perfect storm, if you will, of ‘opportunity’, ‘malicious intent’ and ‘previous successes’. In other words, the more success these hackers have with phishing tactics, the more determined they are to do more. Equally, as brands communicate more online, they leave their brand identity exposed to being copied and used in malicious ways.
Many UK and European brands are putting their customers at unnecessary risk by not implementing email security policies such as Domain-based Message Authentication, Reporting and Conformance (DMARC) or the Sender Policy Framework (SPF). These protocols were created to prevent the sender address forgery used in phishing by detecting spoofing attempts.
Many retailers do use some form of email authentication on their domains. However, some brands, 12.2%* in the EU to be exact, have failed to implement the correct protocols for email security and as a result could be leaving their customers exposed to the risk of being conned.
With phishing prevalent and arguably the most common form of cyber-crime, it’s crucial that brands realise the importance of implementing email security protocols such as DMARC or SPF. Doing so is not just vital for the ongoing security of their customers; it will also be an important factor in ensuring the brand is able to preserve and instil greater levels of consumer trust.
*Info Security Group