Haifa Ketiti, Senior Systems Engineer at Proofpoint Middle East, highlights the cybersecurity challenges surrounding the upcoming White Friday shopping season and alerts online shoppers to beware of escalated cyber risks.
The article provides practical insights into the heightened cyber risks faced by consumers and retailers in the Middle East, emphasizing key measures such as DMARC protection and secure online practices. Haifa’s expertise provides a solid and relevant perspective, making this piece timely for your readers as we approach the holiday retail season.
With the biggest end-of-year retail season around the corner, consumers are getting ready to take advantage of the best deals and promotions. But as the anticipation builds for White Friday, both retailers and shoppers must beware of escalated cyber risks.
Even as e-commerce has experienced remarkable growth, with online sales surpassing traditional retail channels, Middle East retailers continue to find themselves susceptible to cybercriminals.
Earlier this year, Proofpoint, released research that showed that only 65% of the top 20 retailers in the Middle East had implemented the minimum level of DMARC (Domain-based Message Authentication, Reporting & Conformance) protection, meaning 35% were not taking steps to prevent malicious actors spoofing their domain.
DMARC is an email validation protocol designed to protect domain names from being misused by cybercriminals. It is the best way for organizations to protect email traffic against phishing and other fraudulent activity.
DMARC authenticates the sender’s identity before allowing the message to reach its intended designation. ‘Reject’ is the strictest and recommended level of DMARC protection, a setting and policy that blocks fraudulent emails from reaching their intended target.
Proofpoint’s research showed that only 30% of the top 20 retailers in the Middle East had the strictest and recommended DMARC policy (‘reject’) in place, meaning 70% are not proactively blocking fraudulent emails from reaching consumers. This is alarming given the burgeoning retail industry in the region.
Most common attack points
As White Friday sales approach, millions of shoppers will be browsing the web for the best offers available. They will also be inundated with emails promising enticing deals. Shoppers must remember that email remains the number one threat vector, and attackers rely heavily on social engineering tactics to target people.
Click-happy shoppers must be extra vigilant as cybercriminals could create tempting clickbait to capitalize on the increase in email communication from retailers. Shoppers should also be very careful with their credentials, as retail organizations continue to be lucrative targets for cybercriminals looking to collect payment card data.
Meanwhile, retailers operating e-commerce platforms must be wary of criminals finding ways of embedding their malicious code within their site’s credit card processing page. This allows them to gain access to customers’ payment data without affecting the functionality of the website. According to industry estimates, these attacks represent about 18% of all retail breaches.
Building safe online shopping habits
The growth of the retail sector in the Middle East is showing no signs of slowing down. Statistics reveal that profits from grocery, apparel, and electronics retail in the GCC exceeded the global industry average. In fact, consumer spending in KSA was the highest in the region at over $16bn.
With this high traffic of retail activity, it will be critical for Middle Eastern retailers and shoppers to safeguard from online fraud. Shoppers would do well to create a separate password for each online shopping site and ensure it does not include birthdates, anniversary dates, or any other information that might have been posted on a social media site. They should also look to employ a password manager to streamline and add an extra layer of protection with multi-factor authentication.
It is also good practice to limit online shopping to known merchants. Shoppers should only go to websites by directly typing the URL in the address bar, and avoid following links. It is best to avoid responding to unsolicited text message offers or coupons and steer clear of random pop-up windows.
It can be tempting to click on messages that pop up promising discounts or gift cards in exchange for personal information or responses to survey questions. Before submitting an online transaction, shoppers must make sure that the webpage address begins with “https.” It also helps to look for other signs of security, like a padlock icon in a browser window and seals from trusted organizations.
Lastly, people must make sure to adequately secure their home network and only make purchases on Wi-Fi networks that are secure. Shoppers may unwittingly use free in-store Wi-Fi but using a mobile data connection is always preferable over a public network. Many shoppers are in the habit of saving multiple credit cards for online purchases, but using just one makes it easier to monitor transactions.
Cyber hygiene can go a long way in ensuring a safe, secure, and enjoyable retail season. Happy shopping!