94% of retailers open to phishing attacks: what we can do to close the net


This article is brought to you by Retail Technology Review: 94% of retailers open to phishing attacks: what we can do to close the net.

By Sabrina Evans, Content Manager at Red Sift.

Last year Trustwave found that almost a quarter of all cyberattacks are aimed at the retail sector, and it’s really no surprise why. Retailers are in constant communication with their customers via email, and retail databases are some of the biggest housers of sensitive customer data and personal information on the planet. Put these qualities together, and it’s hard to imagine a sector more vulnerable to the dangers of email-based cyberattacks.

90% of cyberattacks begin with a phishing email, and these are becoming more sophisticated and targeted every day. While there are several different techniques for carrying these out, they almost always have the same goal: to steal money, valuable data or bring business operations to a grinding halt.

Yet, of the top 287 global retailers, only 6% have fully implemented DMARC, meaning the remaining 94% are highly vulnerable to impersonation attacks and the implications attached. The right email security is a must for retail, and all players need to start recognizing that correct DMARC configuration is the first line of defence for the long-term cyber posture of their companies and the wider sector.

DMARC is an essential component for retail cyber defence

DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. This is an email authentication protocol which protects domains from exact impersonation. When it’s properly configured at p=reject, it uses protocols SPF and DKIM to ensure that the emails sent using your domain are legitimate. This stops hackers from impersonating your brand, phishing your supply chain and damaging your reputation.

The consequences of impersonation attacks on retailers can be dire. While stolen money can usually be recovered or replaced, stolen data can create far more serious problems. Hefty fines, irreparable reputational damage, and loss of consumer confidence have all been known to spell the end for some retail firms. This isn’t surprising, considering 67% of people trust a company less after a data breach, and 22% won’t buy from a company after it’s been hacked.

So, how can retailers avoid this fate? Instead of mitigating a loss after a breach happens, these businesses need to take the necessary steps now to prevent cyberattacks in the first instance. Many organizations assume that their existing email systems will adequately protect them, but anti-spam and anti-malware products can’t stop email impersonation. If retailers implement one measure to improve their cyber posture and drive down the malicious attacks aimed at them and their customers, it should be DMARC.

Deliverability improves when DMARC is implemented

As well as being essential for improving a business’s security posture, DMARC has been shown to have additional benefits when it comes to inbox placement and email deliverability.

Because a receiving server knows that a DMARC-authenticated email is legitimate, DMARC configuration plays a major role in improving the deliverability rate of all emails. One Red Sift customer found that by using OnDMARC, their deliverability shot up to 99%. Others have been impressed by both the improvements in deliverability and placement of their emails since implementing the security standard.

For a sector which relies so heavily on email, it’s more important than ever that all retailers correctly configure their DMARC policy to enjoy more ROI on their email campaigns, secure their supply chain, and stop their email marketing efforts going to waste.

To find out more about why DMARC is essential for retailers, download our latest whitepaper here > 


Add a Comment

No messages on this article yet

Editorial: +44 (0)1892 536363
Publisher: +44 (0)208 440 0372
Subscribe FREE to the weekly E-newsletter