A recent cybersecurity study by Proofpoint has revealed that Australian banks are significantly lagging behind their U.S. counterparts when it comes to implementing robust email fraud protections. The analysis found that 66% of Australian financial institutions have not yet adopted the highest level of Domain-based Message Authentication, Reporting, and Conformance (DMARC) protection. DMARC is a critical tool used to combat phishing attacks: it lets a receiving mail server verify whether an incoming email genuinely comes from the domain it claims to be from. The highest level of DMARC protection, “reject,” tells receiving servers to block emails that fail this check rather than deliver them to recipients, offering an added layer of security against scammers posing as trusted institutions.
In comparison, banks in the United States have made more progress in securing email communications. According to Proofpoint’s research, 58% of U.S. banks have implemented the highest level of DMARC protection, making them better equipped to prevent phishing attacks and scams targeting their customers. While 75% of Australian banks have some form of DMARC protection in place, this still leaves a significant number of institutions exposed to potential threats, as one-quarter of banks in Australia have no DMARC implementation at all. In the U.S., only 3% of banks lack any DMARC protection, showing a stark contrast in the cybersecurity maturity between the two countries.
Cybercriminals are increasingly targeting Australians with phishing emails that impersonate reputable banks, attempting to trick individuals into revealing sensitive information or transferring funds. Steve Moros, Proofpoint’s Senior Director for Advanced Technology Group in Asia-Pacific and Japan, emphasized the importance of banks taking greater responsibility in protecting their customers from scams. Despite recent legislative efforts by the Australian government to hold financial institutions accountable for cybersecurity, gaps remain that could leave consumers vulnerable to fraud. Australians have already lost over $208 million to scammers in 2024, highlighting the urgent need for stronger protections in the financial sector.
Experts argue that Australian banks must adopt stronger email security measures, including the enforcement of the strictest DMARC “reject” level, to keep pace with the evolving threat landscape. As phishing tactics become more sophisticated, it is essential for financial institutions to close the security gaps that are currently putting their customers at risk. With increasing pressure from rising costs and inflation, Australian consumers can ill afford to have their savings compromised by cybercriminals. By prioritizing cybersecurity and implementing the highest DMARC protections, Australian banks can better safeguard their customers and reduce the risk of financial fraud.
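The study's categories (no DMARC, some DMARC, the “reject” level) correspond to what a domain publishes in the TXT record at `_dmarc.<domain>`. As an added example (not from Proofpoint or the original article), the Python below classifies constructed sample records using the rules of RFC 7489; the domain names, function names and the `reject-partial` label are assumptions made for illustration.

```python
# Added example: classify a domain's DMARC posture from its _dmarc TXT records.
# All record strings below are constructed samples, not data from the study.
VALID_POLICIES = {"none", "quarantine", "reject"}

def is_dmarc(record):
    """A DMARC record must start with the exact version tag v=DMARC1."""
    key, _, value = record.split(";", 1)[0].partition("=")
    return key.strip().lower() == "v" and value.strip() == "DMARC1"

def parse_tags(record):
    """Split 'v=DMARC1; p=reject; pct=50' into a lowercase-keyed dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def classify(txt_records):
    """Return 'no-dmarc', 'none', 'quarantine', 'reject-partial' or 'reject'."""
    dmarc = [r for r in txt_records if is_dmarc(r)]
    if len(dmarc) != 1:  # RFC 7489: zero or multiple records means no policy applies
        return "no-dmarc"
    tags = parse_tags(dmarc[0])
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        # RFC 7489: a missing or bad p= acts as p=none if a report address exists
        # (simplified here to "rua starts with mailto:").
        has_rua = tags.get("rua", "").lower().startswith("mailto:")
        return "none" if has_rua else "no-dmarc"
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100  # unparsable pct falls back to the default
    if policy == "reject" and pct < 100:
        return "reject-partial"  # only a share of failing mail is rejected
    return policy

SAMPLES = {  # constructed TXT answers for _dmarc.<domain>
    "bank-a.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@bank-a.example"],
    "bank-b.example": ["v=DMARC1; p=quarantine"],
    "bank-c.example": ["v=DMARC1; p=none; rua=mailto:dmarc@bank-c.example"],
    "bank-d.example": [],
    "bank-e.example": ["v=DMARC1; p=reject; pct=25"],
    "bank-f.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
}

if __name__ == "__main__":
    for domain, records in SAMPLES.items():
        print(f"{domain:16} {classify(records)}")
```

Only `bank-a.example` would count as fully enforcing “reject”; a `pct` below 100 or a duplicate record quietly weakens or voids the policy.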