2 min read

90% of online retailers expose customers to phishing attacks – research

Filip TRUȚĂ

January 31, 2018

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
90% of online retailers expose customers to phishing attacks – research

Phishing, one of the most common attack vectors that cybercriminals use to steal your data, remains a huge risk for online shoppers as we enter 2018. New data compiled by experts in email analytics shows that online retailers are exposing their customers to huge risks.

Email phishing is a method to steal sensitive information such as usernames, passwords, credit card information, etc. The recipient receives an email purporting to be from a legitimate party – i.e. their bank – asking them to log into their account, or supply their user name and password for one reason or another.

The fake email is made to look genuine to trick the victim into handing over the information straight to the attackers. Attackers then use those credentials to log into the victim”s accounts and online services and try to steal whatever they can – especially cash.

Phishing and spoofing attacks are most likely when companies lack strong email validation systems. And according to email analytics firm 250ok, nearly all top-tier online retailers in the U.S. and Europe fall embarrassingly in that category.

87.6 percent of root domains operated by top e-retailers in the United States and Europe are putting their consumers at risk of having their data stolen through the most basic form of social engineering – phishing.

The company analyzed 3,300 domains of the top 1,000 U.S. internet retailers and 500 EU internet retailers by revenue and found most do use some level of email authentication on their domains.

However, the vast majority are inconsistent in their approach across the multiple domains they control. Only 11 to 12 percent of top retailer domains meet the recommended minimum protocol for the email channel, according to the study.

“By failing to publish basic authentication records like SPF and a DMARC record for all of the domains they operate, retailers are blind to the potential abuse of their brands” domain names,” said Matthew Vernhout, director of privacy at 250ok. “It leaves both the brand and the consumer unnecessarily exposed to phishing attacks that damage brand trust.”

Some 91 percent of all cyberattacks begin with a phishing email so, especially with the General Data Protection Regulation just around the corner, online retailers clearly have a huge problem on their hands. And they will have to deal with it by May, or else.

Last year, Google did a joint study with the University of California, Berkeley to better understand how hijackers trick users into taking over their online accounts. Researchers found that, between March 2016 and March 2017, cybercrooks ran off with 12 million credentials solely via phishing attacks.

tags


Author



Right now

Top posts

The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read
Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

October 22, 2021

2 min read
Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

October 20, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Iranian Threat Actor Deployed Malicious PowerShell Script through Phishing, Then Stole Files and Credentials Iranian Threat Actor Deployed Malicious PowerShell Script through Phishing, Then Stole Files and Credentials
Silviu STAHIE

November 26, 2021

1 min read
Ukraine Arrests Five iPhone Hackers of the Phoenix International Hacking Group Ukraine Arrests Five iPhone Hackers of the Phoenix International Hacking Group
Filip TRUȚĂ

November 26, 2021

1 min read
Couple arrested for secretly installing cryptomining software on department store PCs Couple arrested for secretly installing cryptomining software on department store PCs
Graham CLULEY

November 26, 2021

1 min read