Over Half of UK Banks Are Exposing Customers to Email Fraud
Security experts have warned that a majority of the UK’s leading lenders are failing to protect their customers from email fraud, through patchy implementation of DMARC.
The Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol helps prevent email-based fraud and impersonation attempts by authenticating sender identity before a message is delivered.
However, there are three levels: monitor, quarantine and reject. Only “reject” will ensure suspicious messages don’t end up being read by the user. “Quarantine” directs them to the spam folder while “monitor” allows them straight through to the inbox.
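As an added illustration (not part of the original article or of Proofpoint's study), the Python sketch below maps the DMARC TXT record a domain publishes at `_dmarc.<domain>` to the levels described above; "monitor" corresponds to the record tag `p=none`. The sample records and `example.test` domains are constructed, and the function names are hypothetical.

```python
# Added example: classify a domain's DMARC record into the article's levels.
LEVELS = {"none": "monitor", "quarantine": "quarantine", "reject": "reject"}

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    pairs = []
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            pairs.append((key.strip().lower(), value.strip()))
    # RFC 7489: the first tag must be v=DMARC1 (this also skips SPF records)
    if not pairs or pairs[0] != ("v", "DMARC1"):
        return None
    return dict(pairs)

def classify(txt_records):
    """Return (level, notes) for the TXT strings found at _dmarc.<domain>."""
    parsed = [t for t in map(parse_dmarc, txt_records) if t is not None]
    if len(parsed) != 1:
        # Zero or several DMARC records: receivers apply no DMARC policy
        return "no protection", ["expected 1 DMARC record, found %d" % len(parsed)]
    tags = parsed[0]
    policy = tags.get("p", "").lower()
    if policy not in LEVELS:
        # Simplification: receivers may fall back to p=none if rua is valid;
        # failing mail is not blocked either way.
        return "no protection", ["missing or invalid p= tag"]
    notes = []
    pct = tags.get("pct", "100")
    if policy != "none" and pct.isdigit() and int(pct) < 100:
        notes.append("pct=%s: policy applies to only part of failing mail" % pct)
    sp = tags.get("sp", policy).lower()
    if sp in LEVELS and sp != policy:
        notes.append("subdomains use sp=%s (%s)" % (sp, LEVELS[sp]))
    return LEVELS[policy], notes

# Constructed sample records (not real bank data)
SAMPLES = {
    "bank-a.example.test": ["v=DMARC1; p=reject; rua=mailto:dmarc@bank-a.example.test"],
    "bank-b.example.test": ["v=DMARC1; p=quarantine; pct=25"],
    "bank-c.example.test": ["v=DMARC1; p=none"],
    "bank-d.example.test": ["v=spf1 -all"],  # SPF only, no DMARC record
}

if __name__ == "__main__":
    for domain, records in SAMPLES.items():
        print(domain, *classify(records))
```

A record that shows `p=reject` can still leave gaps when `pct` is below 100 or `sp` sets a weaker policy for subdomains, which is why the sketch reports those tags alongside the level.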
Proofpoint analyzed the DMARC implementation strategies of 150 UK banks and worryingly found 30% have no protection in place at all. A fifth (18%) have the weakest DMARC policy (“monitor”), providing virtually no protection to customers.
Less than half (47%) of the total number of banks assessed for the study had implemented a DMARC “reject” policy.
“Banking institutions are a prime target for cyber-criminals due to the vast amounts of sensitive personal and financial data they store,” warned Proofpoint cybersecurity strategist, Matt Cooke.
“With continuous digitalization in the banking sector and increased usage of mobile apps by customers, it is crucial for these institutions to prioritize cybersecurity measures to safeguard against potential cyber-threats. It is imperative for firms to remain vigilant and stay ahead of the evolving threat landscape to protect their customers’ data and money.”
DMARC is important not just in mitigating the phishing threat for customers, staff and other stakeholders, but also in tackling the growing menace of business email compromise (BEC), Proofpoint claimed.
BEC scammers often use phishing tactics to hijack the email account of a CEO, supplier or finance team member, in order to monitor email flows, and/or to impersonate an individual to request a big-money corporate fund transfer.