Aussie banks fail to fully protect customers from email scams
Written by admin on November 27, 2024
New research has revealed most Australian banks are failing to fully protect customers from email scams, leaving them more vulnerable to fraud.
The study, conducted by cyber security company Proofpoint, found 66 per cent of Australia’s banks failed to implement the highest level of email authentication protection to prevent their email domains from being spoofed or used in phishing scams.
Spoof emails occur when a scammer tricks people into thinking a message has come from a legitimate person or a business they know and trust.
Spoof and phishing emails can be prevented through an email validation system called Domain-based Message Authentication, Reporting and Conformance (DMARC).
DMARC is an email authentication, policy and reporting protocol that is widely used to protect a domain from fraudulent email.
It has three levels of protection, the highest of which lets users opt to reject suspicious emails before they reach inboxes.
But Proofpoint found only 34 per cent of Australian banks had implemented the highest protection level, lagging behind their US counterparts and leaving customers more exposed to email fraud.
Scamwatch reported more than 66,000 Australians had fallen victim to email scams this year, making email the second most common contact method used by scammers, behind text messages.
In 2024, Australians have already reported losing more than $224m to scammers.
Proofpoint senior director advanced technology Asia Pacific Steve Moros said the Australian government had passed landmark legislation to ensure banks took more accountability to protect Australians from being scammed.
The Scam Prevention Framework was introduced to impose mandatory obligations on banks, telcos and social media companies to prevent, detect, respond to and report scams or face fines up to $50m.
Mr Moros said cyber criminals were increasingly posing as trusted banks to trick Australians into handing over sensitive information or transferring funds via email phishing attacks.
Proofpoint found that, compared with financial institutions in the US, Australian banks fell behind their global counterparts in terms of security and fraud prevention.
While a third of Australian banks implemented the highest level of DMARC protection, 58 per cent of banks in the US had adopted this strictest form of email authentication.
The analysis showed only 3 per cent of American banks lacked a DMARC record, compared to 25 per cent of banks in Australia, leaving a large number of Australians vulnerable to cyberattacks.
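The three DMARC levels are published as `p=none`, `p=quarantine` or `p=reject` in a TXT record at `_dmarc.<domain>`. The following added example (not from Proofpoint's study or the original article) sorts domains into the categories the figures above use; the domains and records are constructed sample data, supplied inline instead of being looked up in DNS.

```python
from collections import Counter

# Constructed sample: TXT answers for _dmarc.<domain>; the domains are hypothetical.
SAMPLE_TXT = {
    "bank-a.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@bank-a.example"],
    "bank-b.example": ["v=DMARC1; p=quarantine"],
    "bank-c.example": ["v=DMARC1; p=none; rua=mailto:dmarc@bank-c.example"],
    "bank-d.example": [],                                    # nothing published
    "bank-e.example": ["v=spf1 -all", "v=DMARC1;p=reject"],  # stray non-DMARC TXT
    "bank-f.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],  # ambiguous
}

LEVELS = ("none", "quarantine", "reject")  # weakest to strictest


def parse_tags(record):
    """Split 'tag=value; tag=value' into ordered (tag, value) pairs."""
    pairs = []
    for part in record.split(";"):
        tag, sep, value = part.partition("=")
        if sep:
            pairs.append((tag.strip().lower(), value.strip()))
    return pairs


def classify(txt_records):
    """Return 'no record', 'invalid', or the published policy level."""
    parsed = [parse_tags(r) for r in txt_records]
    # Only records whose first tag is v=DMARC1 count as DMARC records.
    dmarc = [p for p in parsed if p and p[0] == ("v", "DMARC1")]
    if not dmarc:
        return "no record"
    if len(dmarc) > 1:
        return "invalid"  # receivers apply no policy when several are published
    policy = dict(dmarc[0]).get("p", "").lower()
    return policy if policy in LEVELS else "invalid"


def summarise(txt_by_domain):
    """Count domains per category and the share at the strictest level."""
    counts = Counter(classify(txt) for txt in txt_by_domain.values())
    share = round(100 * counts["reject"] / len(txt_by_domain))
    return counts, share


if __name__ == "__main__":
    counts, share = summarise(SAMPLE_TXT)
    print(dict(counts), f"{share}% at p=reject")
```

A domain in the "none" or "invalid" category gets no more protection from receivers than one with no record at all, so only the "quarantine" and "reject" counts reflect enforcement.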
Mr Moros said at the end of the day, hard-working Australians were the primary targets of these scams.
“They put their trust in financial institutions to ensure their credit card information, contact details, addresses, data, and of course, their money is safe,” he said.
“They can’t afford to have their life savings compromised by cyber criminals, especially given the rising cost of living and higher inflation pressures we are facing today.”
CBA and NAB have been contacted for comment.