THE Black Friday approach, but a threat persists, as the latest Proofpoint study reveals that nearly 6 out of 10 French e-commerce sites lack protection against email attacks.
A study by cybersecurity specialist Proofpoint, published this Thursday, November 16, highlights a potential danger for all those who buy online in France. Of the top 50 e-commerce sites, 58% do not have the necessary security measures against email attacks. So-called DMARC protection, crucial to preventing domain theft, is still insufficient, which further exposes consumers to fraudulent emails.
E-commerce sites still too vulnerable to email attacks
The results delivered by Proofpoint are quite worrying, even if France is not the worst student in this area. Of the 50 most visited sites, including Amazon, Vinted, Shein, Leboncoin, SNCF Connect, Booking, Cdiscount and others, many lack basic cybersecurity measures. The analysis focuses specifically on DMARC protection, highlighting that 58% of sites fail to meet the recommended “reject” level. Among the platforms we have just mentioned, Leboncoin, Booking and Cdiscount apply the “reject” mode. Amazon and Vinted forward emails to your spam, and that is better than nothing. Shein and SNCF Connect, on the other hand, simply let them pass.
Email remains the biggest threat to IT security. Attacks, particularly phishing, are increasing during this end-of-year period. The DMARC identification protocol, for Domain-based Message Authentication Reporting and Conformanceremains the essential technology to protect brands from domain theft, and consumers from identity theft.
Although 90% of sites have a basic DMARC record, only 42% adopt the recommended “reject” level of protection. For the e-retailers concerned, it is urgent to react, to guarantee secure online purchases.
France is one of the best European students, and yet…
With regard to France in particular, know that we rank 3th in Europe, with 42% of sites in “reject” mode. Only the United Kingdom (53%) and Spain (65%) do better. But the situation nevertheless remains critical. The share of sites that have not yet adopted the “reject” mode is too high.
Loïc Guézo, director of cybersecurity strategy at Proofpoint, reminds us of the benefits of the DMARC protocol: “ when set to “bounce” mode, a malicious email cannot reach the recipient’s inbox “.
In a global context of strengthening security, Google and Yahoo plan to require email authentication from February 2024. These measures aim to prevent spam and scams. Health organizations, in particular, are concerned and will have to deploy the DMARC protocol. Failure to comply with these requirements will impact the delivery of legitimate messages. Finally, we will recall the basics of security:
- Protect your passwords,
- Beware of fake sites,
- Avoid phishing threats by email and SMS,
- Avoid clicking on links,
- Check before buying.
4