This holiday shopping season, it's important to keep an eye out for cyber scams. And new research suggests companies could be doing more to protect you from being tricked.
Cybercriminals love the holiday season. The internet is flooded with ads clamoring for shoppers' attention, and that makes it easier to slip in a scam.
At this point, you probably know to watch out for phishing emails, but it might surprise you to know that there's a tool that's been around a long time that could help solve this problem.
It's called DMARC - or the Domain Message Authentication, Reporting and Conformance Protocol - whew. It's actually pretty simple. It basically helps prove the sender is who they say they are.
"DMARC seeks to bring trust and confidence to the visible from address of an email, so that when you receive an email from an address at wellsfargo.com or bestbuy.com, you can say with absolute certainty it definitely came from them," said Robert Holmes of the cybersecurity firm Proofpoint.
According to his new research, more than half of the top 50 online retailers in the United States are not fully compliant with DMARC. Experts are predicting record-breaking holiday shopping this year. That makes for a lot of potential for fraud.
"The way that they look at this is Gmail on Black Friday, it's like kind of JFK Airport over Thanksgiving," Holmes said. "So imagine you're at JFK Airport on one of these days, with lots of people coming and going, and imagine a world where that airport didn't check IDs. Lots of nefarious activity would happen."
But there's good news. Early next year, Google and Yahoo will be requiring companies to use DMARC authentication. Otherwise, their messages will be more likely to get flagged as spam or blocked entirely. Holmes suggests it's important that companies take on a big part of the burden of securing their customers rather than train everyone to be cybersecurity experts just to buy Christmas gifts.
"The thing about good security: It should be invisible to Joe Public," Holmes said.
Even so, that might not be the end of consumer problems.
"I think the consequences of getting this wrong are severe. Legitimate email gets blocked," Holmes said.
That's because big companies have a big supply chain. They give third parties permission to send emails on their behalf.
You know those automated messages you get when your flight time changes or a payment is due? Those services need to be secured, too, or they might get blocked. If retailers don't take those kinds of things into consideration, you might miss a scam, but you could also miss a flight.