Many cyberattacks begin with a phony email, a tactic known as phishing, which is most likely how 5 million Saks and Lord & Taylor customers’ personal banking information was "breached."
Online retailers are not protecting their consumers, especially as consumers’ preference for online product research and shopping continues to grow. Instead, retailers rely on the email channel to provide an optimal customer experience, and, according to Campaign Monitor, consumers rely on brands to keep them informed through email.
This disconnect should be very troubling to online shoppers, because a recent study by 250ok revealed an overwhelming 87.6% of the top retailers in the United States and European Union put consumers at risk for phishing attacks through email. Chinese brands leave consumers at an even higher risk.
New email security data from 250ok on the top 100 Chinese companies by revenue (Tencent, Alibaba, etc.) shows Chinese brands are at particularly high risk of spoofing and phishing attacks due to poor adoption of even the minimum email authentication recommendation.
At the very least, all online retailers should use a Domain-based Message Authentication, Reporting and Conformance (DMARC) policy on all their sending domains, along with an email authentication mechanism such as a Sender Policy Framework (SPF) record or DomainKeys Identified Mail (DKIM) signing, but preferably both. DMARC is a sender-published policy that tells receiving mail servers how to handle messages that fail email authentication tests. Deploying a DMARC policy is the first step to protecting consumers, employees, and their brands from phishing attacks.
A DMARC reject policy is considered the gold standard of email authentication, as it instructs receiving mail servers to refuse messages that fail authentication rather than deliver them. This policy better ensures a malicious email never reaches the recipient, as opposed to arriving in the inbox (no policy or “none” policy) or being placed in a spam or quarantine folder (quarantine policy).
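The three outcomes described above (inbox, spam or quarantine folder, rejection) can be read from the TXT record a domain publishes at `_dmarc.<domain>`. The following is an added example, not code from 250ok or the original article: a simplified reading of RFC 7489 applied to constructed records for hypothetical `.example` domains, with function names and outcome labels that are this example's own.

```python
OUTCOME = {"none": "inbox:p=none", "quarantine": "quarantined", "reject": "rejected"}

def parse_dmarc(txt):
    """Parse one TXT string into a tag dict; None if it is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # RFC 7489: the v=DMARC1 tag must come first.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts:
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def classify(txt_records):
    """Map the TXT answers at _dmarc.<domain> to (outcome for spoofed mail, pct)."""
    records = [t for t in map(parse_dmarc, txt_records) if t is not None]
    # No record, or more than one, means receivers apply no DMARC policy.
    if len(records) != 1:
        return ("inbox:no-policy", 0)
    tags = records[0]
    policy = tags.get("p", "").lower()
    if policy not in OUTCOME:
        # Bad p tag: falls back to p=none only if rua is present (URI not validated here).
        if "rua" not in tags:
            return ("inbox:no-policy", 0)
        policy = "none"
    try:
        pct = min(100, max(0, int(tags.get("pct", "100"))))
    except ValueError:
        pct = 100
    # pct < 100 means only that share of failing mail gets the stated policy.
    return (OUTCOME[policy], pct)

# Constructed sample answers for hypothetical domains (not real survey data).
SAMPLES = {
    "shop.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@shop.example"],
    "store.example": ["v=DMARC1; p=quarantine; pct=25"],
    "brand.example": ["v=DMARC1; p=none"],
    "spf-only.example": ["v=spf1 include:_spf.example -all"],
    "dup.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
}

def audit(samples=SAMPLES):
    return {domain: classify(records) for domain, records in samples.items()}

if __name__ == "__main__":
    print(audit())
```

Only `shop.example` gets the full reject outcome; the quarantine record with `pct=25` and the duplicated record both leave most or all spoofed mail deliverable despite a DMARC record being present.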
After implementing a DMARC policy, some brands reported a double-digit increase in their marketing email Inbox Placement Rates (IPR), and single-digit growth in opens and clicks. If a double-digit boost is not enough of a push for retailers, Cloudmark found 42% of consumers are less likely to do business with a company following receipt of a suspicious message disguised to be from that brand.
By taking the first step in properly setting up email authentication and deploying a DMARC policy, e-retailers are better prepared to protect their brand, customers and employees from phishing attacks.