Over Half of UK Banks Are Exposing Customers to Email Fraud
Security experts have warned that a majority of the UK’s leading lenders are failing to protect their customers from email fraud, through patchy implementation of DMARC.
The Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol helps prevent email-based fraud and impersonation attempts by authenticating sender identity before a message is delivered.
However, DMARC has three policy levels: monitor, quarantine and reject. Only “reject” will ensure suspicious messages don’t end up being read by the user. “Quarantine” directs them to the spam folder while “monitor” allows them straight through to the inbox.
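To check which of these levels a domain actually publishes, the sketch below classifies the TXT strings found at `_dmarc.<domain>`. It is an added example, not code from Proofpoint or the article; the domains and records are constructed, the function names are hypothetical, and it assumes the records have already been fetched (no DNS lookup or organizational-domain fallback). In the record syntax the "monitor" level is written `p=none`.

```python
# Map the RFC 7489 p= tag values onto the article's three level names.
LEVELS = {"none": "monitor", "quarantine": "quarantine", "reject": "reject"}

def parse_dmarc(txt):
    """Return the tag/value dict of a DMARC record, or None if it is not one."""
    parts = [p.strip() for p in txt.strip().strip('"').split(";") if p.strip()]
    # The version tag must come first, otherwise receivers ignore the record.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts[1:]:
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def classify(txt_records):
    """Classify one domain from the TXT strings published at _dmarc.<domain>."""
    parsed = [t for t in map(parse_dmarc, txt_records) if t is not None]
    # Zero records, or more than one, means receivers apply no DMARC policy.
    if len(parsed) != 1:
        return "none in place"
    tags = parsed[0]
    level = LEVELS.get(tags.get("p", "").lower())
    if level is None:
        # Invalid or missing p=: receivers fall back to monitoring only when a
        # report address is given (simplified: rua syntax is not validated).
        return "monitor" if "rua" in tags else "none in place"
    # pct below 100 applies the policy to only a share of failing mail.
    pct = tags.get("pct", "100")
    if level != "monitor" and pct.isdigit() and int(pct) < 100:
        return level + " (partial, pct=" + pct + ")"
    return level

# Constructed sample data: example domains and records, not real lookups.
SAMPLES = {
    "bank-a.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@bank-a.example"],
    "bank-b.example": ["v=DMARC1; p=quarantine; pct=25"],
    "bank-c.example": ["v=DMARC1; p=none"],
    "bank-d.example": ["v=spf1 -all"],  # SPF record only, no DMARC
    "bank-e.example": [],
}

if __name__ == "__main__":
    for domain, records in SAMPLES.items():
        print(f"{domain:16} {classify(records)}")
```

A `pct` value below 100 is worth flagging separately, because a domain can publish "reject" while applying it to only a fraction of failing messages.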
Proofpoint analyzed the DMARC implementation strategies of 150 UK banks and worryingly found 30% have no protection in place at all. A fifth (18%) have the weakest DMARC policy (“monitor”), providing virtually no protection to customers.
Less than half (47%) of the total number of banks assessed for the study had implemented a DMARC “reject” policy.
“Banking institutions are a prime target for cyber-criminals due to the vast amounts of sensitive personal and financial data they store,” warned Proofpoint cybersecurity strategist, Matt Cooke.
“With continuous digitalization in the banking sector and increased usage of mobile apps by customers, it is crucial for these institutions to prioritize cybersecurity measures to safeguard against potential cyber-threats. It is imperative for firms to remain vigilant and stay ahead of the evolving threat landscape to protect their customers’ data and money.”
DMARC is important not just in mitigating the phishing threat for customers, staff and other stakeholders, but also in tackling the growing menace of business email compromise (BEC), Proofpoint claimed.
BEC scammers often use phishing tactics to hijack the email account of a CEO, supplier or finance team member, in order to monitor email flows, and/or to impersonate an individual to request a big-money corporate fund transfer.