Security experts have warned that the majority of the UK’s largest financial institutions have failed to protect their customers from email fraud with patchwork implementations of DMARC.
The Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol prevents email-based fraud and spoofing by authenticating the sender's domain before a message is delivered.
However, DMARC has three policy levels: Monitor, Quarantine, and Deny. Only “Deny” stops users from receiving suspicious messages at all. “Quarantine” sends them to the spam folder, while “Monitor” delivers them straight to the inbox.
Proofpoint’s analysis of the DMARC implementation strategies of 150 UK banks found that a worrying 30% of banks had no protection in place at all. A further fifth (18%) employ the weakest DMARC policy (“monitor”), which effectively offers no protection to customers.
Of the total number of banks assessed in this study, less than half (47%) had a DMARC “deny” policy in place.
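The three tiers described above, and the per-tier counts that follow, can be reproduced from a domain's published record. The script below is an added illustration and is not Proofpoint's assessment tooling or any bank's real record: it parses a DMARC TXT record, maps the `p=` tag onto the article's monitor/quarantine/deny labels, treats a missing or malformed record as unprotected, and flags two settings (`pct=` below 100 and a weaker `sp=` for subdomains) that quietly weaken a headline policy. The domain names and records are constructed sample data; a real check would fetch the TXT record at `_dmarc.<domain>` from DNS.

```python
"""Classify a domain's DMARC posture into the tiers the article uses
(monitor / quarantine / deny), plus "unprotected" for no valid record.

Added illustration, not Proofpoint's assessment tooling. The records at the
bottom are constructed sample inputs; a real check would fetch the TXT
record published at _dmarc.<domain> from DNS.
"""
from __future__ import annotations

# Map the DMARC "p" tag values (RFC 7489) onto the article's three labels.
POLICY_LABELS = {
    "none": "monitor",           # report only; spoofed mail still reaches the inbox
    "quarantine": "quarantine",  # receivers should treat failures as suspicious (spam folder)
    "reject": "deny",            # receivers should refuse delivery outright
}


def parse_dmarc_record(txt: str) -> dict[str, str]:
    """Split a DMARC TXT record ("v=DMARC1; p=reject; rua=...") into tags.

    Tag names are lower-cased; values keep their case apart from surrounding
    whitespace. Fragments without "=" are ignored.
    """
    tags: dict[str, str] = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    return tags


def classify_dmarc(txt: str | None) -> dict[str, object]:
    """Return the posture for one domain.

    txt is the TXT record found at _dmarc.<domain>, or None if none exists.
    Result keys:
      level - "unprotected", "monitor", "quarantine" or "deny"
      notes - caveats that weaken the headline policy
    """
    notes: list[str] = []
    if txt is None:
        return {"level": "unprotected", "notes": ["no _dmarc TXT record published"]}

    tags = parse_dmarc_record(txt)
    if tags.get("v", "").upper() != "DMARC1":
        return {"level": "unprotected", "notes": ["record does not start with v=DMARC1"]}

    policy = tags.get("p", "").lower()
    if policy not in POLICY_LABELS:
        return {"level": "unprotected", "notes": [f"missing or invalid p= tag: {policy!r}"]}

    level = POLICY_LABELS[policy]

    # pct= below 100 applies the policy to only a sample of failing mail.
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        notes.append(f"pct={pct}: policy applied to only {pct}% of failing messages")

    # sp= lets subdomains carry a weaker policy than the organisational domain.
    sub_policy = tags.get("sp", policy).lower()
    if sub_policy in POLICY_LABELS and POLICY_LABELS[sub_policy] != level:
        notes.append(f"sp={sub_policy}: subdomains only at '{POLICY_LABELS[sub_policy]}'")

    # Without rua= the owner receives no aggregate reports, so even at
    # "monitor" they never learn who is spoofing the domain.
    if "rua" not in tags:
        notes.append("no rua= address: no aggregate reports will be received")

    return {"level": level, "notes": notes}


def summarise(records: dict[str, str | None]) -> dict[str, int]:
    """Count domains per level, mirroring the article's by-tier breakdown."""
    counts = {"unprotected": 0, "monitor": 0, "quarantine": 0, "deny": 0}
    for txt in records.values():
        counts[classify_dmarc(txt)["level"]] += 1
    return counts


# Constructed sample records for hypothetical bank domains (not real data).
SAMPLE_RECORDS: dict[str, str | None] = {
    "bank-a.example": "v=DMARC1; p=reject; rua=mailto:dmarc@bank-a.example",
    "bank-b.example": "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@bank-b.example",
    "bank-c.example": "v=DMARC1; p=none; rua=mailto:dmarc@bank-c.example",
    "bank-d.example": None,
    "bank-e.example": "v=DMARC1; p=reject; sp=none; rua=mailto:dmarc@bank-e.example",
}

if __name__ == "__main__":
    for domain, txt in SAMPLE_RECORDS.items():
        result = classify_dmarc(txt)
        print(f"{domain:16} {result['level']:12} {'; '.join(result['notes'])}")
    print(summarise(SAMPLE_RECORDS))
```

The `notes` list is the part worth reading when auditing: a domain at `p=reject` with `pct=10` or `sp=none` counts as "deny" on paper but still lets most spoofed mail, or all spoofed subdomain mail, through.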
“Banking institutions store vast amounts of sensitive personal and financial data, making them prime targets for cybercriminals,” warned Proofpoint cybersecurity strategist Matt Cook.
“With the continued digitization of the banking sector and the increasing use of mobile apps by customers, it is important for these institutions to prioritize cybersecurity measures to protect against potential cyberthreats. Staying vigilant and staying ahead of the evolving threat landscape is essential to protecting customer data and funds.”
Not only does DMARC reduce the threat of phishing to customers, staff, and other stakeholders, but it is also important in addressing the growing business email compromise (BEC) threat, Proofpoint argued.
BEC scammers use phishing tactics to compromise the email accounts of CEOs, suppliers, or finance team members in order to monitor email flow or impersonate individuals to request large corporate funds transfers. often hijacked.