Why Retail Brands Are a Holiday Bargain for Phishers

Posted by Estelle Derouet 

As the holiday season approaches, retailers are busy launching their flagship marketing campaigns, stockpiling shelves, and reviewing return policies. Consumers are starting to look for the best deals—and so are cyber criminals.

According to PricewaterhouseCoopers (PwC), retail companies today are more likely to report cyber crime incidents than businesses from any industry other than financial services.

Yet, according to research by Gartner, retailers only spend about four percent of their IT budget on cyber security, while financial services spend five and a half percent.

This gap is even more pronounced when looking at cybersecurity spending per employee. Banking and financial services companies spend as much as $2,500 per employee on cyber security. Retail and consumer goods, on the other hand, invest only fraction of that—about $400 per employee.

And while many retailers focus their current security efforts on strengthening perimeter defenses, they fail to protect their consumers at the most basic level against outbound phishing attacks.

Return Path analyzed email messages sent from 179 of the top global retail brands looking specifically at DMARC (Domain-based Authentication Reporting and Conformance) record adoption, the best weapon against email fraud. The results were troubling: only 17 percent of analyzed brands—less than one in five—had implemented a DMARC policy on their main sending domains. And just 30 percent of the email messages with a policy in place actually passed DMARC authentication.

Retail companies cannot rely on unassuming customers to spot a fraudulent email; 97 percent of people around the globe cannot identify a sophisticated phishing message. These companies can, however, prevent fraudulent emails from ever reaching the customer’s inbox in the first place.

In our newly released eBook, The Retail Guide to Email Fraud, we dive into:

  • The cost of cybercrime for retailers
  • Retail’s top security challenges
  • Outbound email as a threat vector
  • Email security best practices for the retail industry

Get your copy here to learn how to protect your consumers, your brand, and your bottom line this holiday season.



Author Image

About Estelle Derouet

Estelle Derouet is Vice President of Marketing, Email Fraud Protection at Return Path. In her role, Estelle leads a fabulously talented team of experienced B2B marketers, tasked with driving awareness and generating demand. Prior to joining Return Path in 2010, Estelle led the EMEA and APAC marketing function at enterprise mobility provider iPass for eight years. Follow her on Twitter @ederouet.

Author Archive