Proofpoint has released research identifying that only one (2%) of the UK’s top 50 most popular dining and pub brands has implemented the strictest level of DMARC (Domain-based Message Authentication, Reporting and Conformance) protection. This protocol stops cybercriminals spoofing an organisation’s identity and decreases the risk of email fraud for customers.
Worryingly, this means the remaining 98% are not proactively blocking fraudulent emails from reaching customers, putting pubgoers and diners at risk. Of the 50 most popular brands, over two-thirds (70%) have no published DMARC record at all, leaving themselves wide open to impersonation attacks.
As customers return to pubs and dining establishments for the first time since lockdown commenced in March, the government has advised that contact details of patrons are obtained to support track and trace efforts. For a number of large chains’ online bookings this includes email addresses, meaning people may expect emails to let them know that they may have been exposed to the disease post-visit. In addition, at a time when consumers are eagerly awaiting communication from their favourite food or pub brands for deals and opening times, cybercriminals may prey on this anticipation to trick users.
Jamie Akhtar, CEO and Co-Founder of CyberSmart, said: “This research is very troubling. As many industries, including hospitality, are forced into the digital space there is a temptation to cut corners on privacy and data security in favour of more immediate concerns. This is a huge mistake.
“Most cybercriminals are opportunistic so it is precisely in times of transition like these that they will anticipate and target businesses who don’t take their cyber security seriously. Following the DMARC and Cyber Essentials guidelines for basic cyber hygiene can go a long way in preventing attacks which will protect both the business and its customers.
“On the consumer side, we need to help educate the public on how to spot fraudulent emails. While they may be using accurate domain names in their spoofs, things like poor grammar, urgent calls to action and suspicious links can give them away. If in doubt, don’t click on it.”Click below to share this article