AUS
NZ
UK
CA
USA
FRA
GER
ESP
ITA
NLD
PRT
SWE
GRC
IND
POL
BRA
ZAF
RUS
CHN
UAE
Highlights
- 66% of Australian banks lack the strongest DMARC protection.
- Only 34% of Australian banks apply the most secure DMARC setting.
- One-quarter of Australian banks have no DMARC record, increasing vulnerability.
Recent research from cybersecurity firm Proofpoint reveals significant vulnerabilities in the email security practices of Australian banks compared to their US counterparts. The findings highlight that many Australian financial institutions are not using the most effective tools to protect customers from email fraud and phishing attacks, leaving them susceptible to cybercriminal activity.
Weak DMARC Adoption in Australia
One of the most concerning findings of the analysis is that 66% of Australian banks have not adopted the most robust form of Domain-based Message Authentication, Reporting, and Conformance (DMARC) protection. DMARC is an essential tool that helps prevent cybercriminals from spoofing legitimate bank emails, a common tactic used in phishing scams.
While 75% of Australian banks do use some form of DMARC, only 34% enforce the highest level of protection, the "Reject" setting. This setting blocks harmful emails before they can reach customers' inboxes, significantly reducing the risk of scams. The majority of banks in Australia, however, only implement less stringent DMARC policies, failing to provide full protection against phishing attempts.
Growing Cybersecurity Threats
The gap in email security practices is compounded by the increasing threat of cybercrime targeting the financial sector. Cybercriminals are becoming more sophisticated, often posing as trusted institutions like banks to deceive individuals into revealing sensitive information. Steve Moros, senior director at Proofpoint, emphasized that Australian banks need to address these security gaps to prevent further exploitation of consumers.
The research also found that one-quarter of Australian banks do not have any DMARC record in place, making them particularly vulnerable to email-based fraud. Without this foundational security measure, these banks are at heightened risk of becoming targets for impersonation and phishing schemes.
Comparison with US Banks
In contrast, US banks are generally better equipped to handle email fraud risks. According to the study, 58% of US banks have implemented the highest level of DMARC protection, significantly reducing the likelihood of email fraud. Furthermore, only 3% of US banks were found to lack any DMARC record, highlighting the stronger security measures in place across the Pacific.
The Government's New Scam Prevention Framework
These findings come at a time when the Australian Government is ramping up its efforts to combat scams through a new Scam Prevention Framework. The framework imposes fines of up to $50 million on businesses, including banks, that fail to manage scam risks effectively. This new regulation requires businesses to report scams promptly and provides victims with avenues for compensation, further emphasizing the need for stronger cybersecurity measures within the banking sector.
Proofpoint's research calls attention to the significant cybersecurity gaps in Australia's banking sector, urging financial institutions to adopt stronger email authentication measures, such as the "Reject" DMARC setting, to safeguard customers. The report also underscores the importance of enhanced vigilance around email authenticity to mitigate the growing risks of phishing and domain impersonation scams. As cybersecurity threats continue to evolve, Australian banks must act quickly to shore up their defenses and protect their customers from the rising tide of email fraud.
