Why Retail Brands Are a Holiday Bargain for Phishers

As the holiday season approaches, retailers are busy launching their flagship marketing campaigns, stockpiling shelves, and reviewing return policies. Consumers are starting to look for the best deals—and so are cyber criminals.

According to PricewaterhouseCoopers (PwC), retail companies today are more likely to report cyber crime incidents than businesses from any industry other than financial services.

Yet, according to research by Gartner, retailers only spend about four percent of their IT budget on cyber security, while financial services spend five and a half percent.

This gap is even more pronounced when looking at cybersecurity spending per employee. Banking and financial services companies spend as much as $2,500 per employee on cyber security. Retail and consumer goods, on the other hand, invest only fraction of that—about $400 per employee.

And while many retailers focus their current security efforts on strengthening perimeter defenses, they fail to protect their consumers at the most basic level against outbound phishing attacks.

Return Path analyzed email messages sent from 179 of the top global retail brands looking specifically at DMARC (Domain-based Authentication Reporting and Conformance) record adoption, the best weapon against email fraud. The results were troubling: only 17 percent of analyzed brands—less than one in five—had implemented a DMARC policy on their main sending domains. And just 30 percent of the email messages with a policy in place actually passed DMARC authentication.

Retail companies cannot rely on unassuming customers to spot a fraudulent email; 97 percent of people around the globe cannot identify a sophisticated phishing message. These companies can, however, prevent fraudulent emails from ever reaching the customer’s inbox in the first place.

In our newly released eBook, The Retail Guide to Email Fraud, we dive into:

  • The cost of cybercrime for retailers
  • Retail’s top security challenges
  • Outbound email as a threat vector
  • Email security best practices for the retail industry

Get your copy here to learn how to protect your consumers, your brand, and your bottom line this holiday season.



minute read

Popular stories



BriteVerify email verification ensures that an email address actually exists in real-time


The #1 global data quality tool used by thousands of Salesforce admins


Insights and deliverability guidance from the only all-in-one email marketing solution

GridBuddy Cloud

Transform how you interact with your data through the versatility of grids.

Return Path

World-class deliverability applications to optimize email marketing programs

Trust Assessments

A revolutionary new solution for assessing Salesforce data quality


Validity for Email

Increase inbox placement and maximize subscriber reach with clean and actionable data

Validity for Data Management

Simplify data management with solutions that improve data quality and increase CRM adoption

Validity for Sales Productivity

Give your sales team back hours per day with tools designed to increase productivity and mitigate pipeline risks in real-time