With the holiday shopping season kicking off this week, new research from Proofpoint uncovers significant gaps in email security among top U.S. retailers.
According to the cybersecurity and compliance company, 40% of the nation’s leading retailers are failing to implement sufficient measures to prevent fraudulent emails that mimic their brands from reaching consumers’ inboxes.
The findings come from Proofpoint’s analysis of Domain-based Message Authentication, Reporting and Conformance (DMARC) adoption among the 50 largest U.S. retailers. DMARC is a critical email authentication protocol designed to protect brands and their customers by preventing cybercriminals from sending deceptive emails using a retailer’s domain. DMARC offers three levels of security: monitor, quarantine, and reject. Of the three, reject is the most effective in stopping phishing attempts.
Proofpoint’s study reveals that while 60% of retailers have adopted the highest “reject” policy, marking a 12% improvement over 2023, 40% remain vulnerable to email fraud.
Of these, 18% use a monitor policy, which allows unverified emails to reach inboxes, while 12% employ a quarantine policy, redirecting potentially fraudulent emails to spam folders.
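To show how the three levels appear in a published DMARC record, here is an added example (not Proofpoint's methodology or code) that classifies the TXT records found at `_dmarc.<domain>` and tallies a breakdown like the one above. It assumes RFC 7489 tag syntax, where the article's "monitor" level is `p=none`; the domains and records are constructed samples.

```python
from collections import Counter

# The article's level names mapped from DMARC "p=" tag values (RFC 7489).
LEVELS = {"none": "monitor", "quarantine": "quarantine", "reject": "reject"}

def parse_tags(record):
    """Split a TXT record into an ordered dict of lowercase tag -> value."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def classify(txt_records):
    """Return (level, note) for the TXT records published at _dmarc.<domain>."""
    parsed = [parse_tags(r) for r in txt_records]
    # Only records whose first tag is v=DMARC1 count as DMARC records.
    dmarc = [t for t in parsed if next(iter(t.items()), None) == ("v", "DMARC1")]
    if len(dmarc) != 1:
        # Zero or multiple DMARC records: receivers apply no policy.
        return "no-policy", f"{len(dmarc)} DMARC records found"
    tags = dmarc[0]
    level = LEVELS.get(tags.get("p", "").lower())
    if level is None:
        # Missing/invalid p=: treated as monitor only if a report address exists.
        if not tags.get("rua"):
            return "no-policy", "missing or unknown p= tag"
        return "monitor", "invalid p= tag, reports only"
    pct = tags.get("pct", "100")
    if level != "monitor" and pct.isdigit() and int(pct) < 100:
        return level, f"applies to only {pct}% of failing mail"
    return level, "fully applied"

# Constructed sample: TXT answers for _dmarc.<domain>; not real lookups.
SAMPLE = {
    "shop-a.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@shop-a.example"],
    "shop-b.example": ["v=DMARC1; p=quarantine; pct=25"],
    "shop-c.example": ["v=DMARC1; p=none; rua=mailto:dmarc@shop-c.example"],
    "shop-d.example": [],
    "shop-e.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
}

def breakdown(domains):
    """Percentage of domains at each level."""
    counts = Counter(classify(records)[0] for records in domains.values())
    return {level: round(100 * n / len(domains)) for level, n in counts.items()}

if __name__ == "__main__":
    for domain, records in SAMPLE.items():
        print(domain, *classify(records))
    print(breakdown(SAMPLE))
```

A domain with a `reject` record but a `pct` below 100, or with two conflicting DMARC records, is weaker than its headline policy suggests, which is why the note is returned alongside the level.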
The timing of these findings raises concerns as the National Retail Federation (NRF) projects U.S. holiday sales to hit $979.5 billion to $989 billion, with online shopping driving much of the growth.
Retailers often rely on email to engage shoppers, but this surge in communication also creates opportunities for cybercriminals to launch phishing attacks. By spoofing brand domains, attackers can trick consumers into disclosing personal information or financial details, leading to identity theft and fraud.
With holiday spending ramping up, the 40% of retailers without robust DMARC policies risk leaving consumers exposed to email scams.
“Email continues to be the vector of choice for cybercriminals and the retail industry remains a key target. It’s encouraging to see that more retailers are taking the right steps to protect their customers from email fraud this holiday season compared to last year. However, there is still a lot of room for improvement, especially as guards are down as consumers vie to quickly snag seasonal bargains,” said Robert Holmes, group vice president and general manager of Proofpoint’s Sender Security and Authentication business.