Research from Proofpoint, a cyber security and compliance company, recently analysed the level of adoption of DMARC (Domain-based Message Authentication, Reporting and Conformance) by banks across the UAE, KSA, Oman, Qatar, Bahrain, and Kuwait to evaluate their email fraud prevention preparedness.
Proofpoint explained that DMARC is an email validation protocol designed to protect domain names from misuse by cybercriminals.
It works by authenticating the sender’s identity before allowing the message to reach its intended destination.
The strictest and recommended level of DMARC protection is ‘Reject,’ which is the setting and policy that proactively blocks fraudulent emails from reaching their intended target.
The company’s analysis found that in 2024, 96 per cent of GCC banks have published a DMARC record.
This is up from 94 per cent last year, but it still means that 4 per cent are taking no steps to protect against misuse of their domain in email fraud.
Further, the report also revealed that 71 per cent of GCC banks have implemented the strictest and recommended level of DMARC protection (‘reject’), up from 67 per cent last year.
This means 29 per cent are still not proactively protecting customers against email impersonation and fraud.
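
The gap between publishing a DMARC record and enforcing ‘reject’ is visible in the TXT record a domain publishes at `_dmarc.<domain>`. The sketch below is an added example, not Proofpoint's code or methodology: the tag names (`v`, `p`, `pct`, `rua`) and fallback rules follow RFC 7489, the `rua` check is simplified to the `mailto:` scheme, and the domains and records are constructed samples.

```python
VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_tags(txt):
    """Split a DMARC TXT string into (tag, value) pairs in original order."""
    pairs = []
    for part in txt.split(";"):
        if "=" in part:
            tag, value = part.split("=", 1)
            pairs.append((tag.strip().lower(), value.strip()))
    return pairs

def classify(txt_records):
    """Classify the TXT strings found at _dmarc.<domain> by enforcement level."""
    # Only records whose first tag is exactly v=DMARC1 count as DMARC records.
    dmarc = [p for p in map(parse_tags, txt_records)
             if p and p[0] == ("v", "DMARC1")]
    if len(dmarc) != 1:  # no record, or several (receivers then apply no policy)
        return "no-policy"
    tags = dict(dmarc[0])
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        # RFC 7489 6.6.3: treat as p=none only if a report address is present.
        return "none" if tags.get("rua", "").startswith("mailto:") else "no-policy"
    pct = tags.get("pct", "100")
    if policy == "reject" and pct.isdigit() and int(pct) < 100:
        return "reject-partial"  # only pct% of failing mail is rejected
    return policy

def summarise(domains):
    """Return (% with a usable DMARC record, % at full reject)."""
    levels = [classify(records) for records in domains.values()]
    published = sum(level != "no-policy" for level in levels)
    rejecting = levels.count("reject")
    return (round(100 * published / len(levels)),
            round(100 * rejecting / len(levels)))

# Constructed sample data (example names, not real banks or survey results).
SAMPLE = {
    "bank-a.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@bank-a.example"],
    "bank-b.example": ["v=DMARC1; p=quarantine; pct=100"],
    "bank-c.example": ["v=DMARC1; p=none; rua=mailto:dmarc@bank-c.example"],
    "bank-d.example": ["v=DMARC1; p=reject; pct=25"],
    "bank-e.example": [],  # nothing published at _dmarc.bank-e.example
}

if __name__ == "__main__":
    for domain, records in SAMPLE.items():
        print(f"{domain:16} {classify(records)}")
    print("published %, reject %:", summarise(SAMPLE))
```

A record with `p=none` or `p=quarantine` counts as published but not as ‘reject’, and `p=reject` with `pct` below 100 is only partial enforcement.
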
The company noted that with the rapid digitalisation of the GCC banking sector, it is essential for banks to prioritise cybersecurity measures to safeguard against potential cyber threats.
Domain spoofing is regularly used by cybercriminals to pose as well-known organisations and companies by sending an email from a supposedly legitimate sender address.
Further, it can be almost impossible for an ordinary Internet user to identify a fake sender from a real one.
Proofpoint explained that while user awareness and education play a key role in hardening the human-centric security layer, technical controls such as DMARC are extremely important in protecting organisations against email-based attacks and fraud.