In an age where digital transactions and communications are the norm, the security of our online interactions, especially with financial institutions, is paramount.
However, recent research has cast a concerning light on the state of cybersecurity within Australian banks, revealing that a significant number are not providing the highest level of protection against email and phishing scams.
This leaves customers at an increased risk of falling prey to cybercriminals who are becoming ever more sophisticated in their fraudulent schemes.
The study, conducted by cybersecurity firm Proofpoint, has shown that a staggering 66 per cent of Australian banks have not implemented the most robust form of email authentication protection.
This technology, known as Domain-based Message Authentication, Reporting, and Conformance (DMARC), is designed to prevent email domains from being impersonated and to block phishing scams. DMARC works by verifying that the sender of an email is who they claim to be, providing a way to authenticate messages and thereby protect against fraudulent emails that could deceive customers into divulging sensitive information or transferring funds to scammers.
Despite the availability of DMARC, which offers varying levels of protection, only 34 per cent of Australian banks have adopted its highest level, which allows for the outright rejection of suspicious emails.
This is a concerning statistic, particularly when compared to the United States, where 58 per cent of banks have embraced this stringent security measure. The disparity is even more alarming considering that only 3 per cent of American banks lack a DMARC record, compared to 25 per cent of Australian banks.
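The protection levels described above correspond to the policy tag (`p=`) in the DMARC record a domain publishes as a DNS TXT record at `_dmarc.<domain>`. The following is an added example, not code from the article or from Proofpoint's study: it sorts a domain's TXT strings into the categories the study counts (no record, a record below the highest level, or `reject`). The bank domains and records are constructed sample data, the category labels are assumptions made for illustration, and no DNS lookups are performed.

```python
from collections import Counter

def parse_dmarc(txt):
    """Parse one TXT string into a tag dict, or None if it is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # The version tag must come first and be exactly DMARC1 (RFC 7489).
    if not parts or "".join(parts[0].split()) != "v=DMARC1":
        return None
    tags = {}
    for part in parts:
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def classify(txt_records):
    """Label a domain from the TXT strings found at _dmarc.<domain>."""
    records = [r for r in map(parse_dmarc, txt_records) if r is not None]
    if not records:
        return "no record"
    if len(records) > 1:
        return "invalid"  # receivers apply no policy when several records exist
    policy = records[0].get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid"
    pct = records[0].get("pct", "100")
    # pct below 100 asks receivers to apply the policy to only part of the mail.
    if policy != "none" and pct.isdigit() and int(pct) < 100:
        return policy + " (partial)"
    return policy  # "reject" is the highest level: failing mail is refused

# Constructed sample data: hypothetical domains and TXT records.
SAMPLE = {
    "bank-a.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@bank-a.example"],
    "bank-b.example": ["v=spf1 -all", "v=DMARC1; p=quarantine; pct=50"],
    "bank-c.example": ["v=DMARC1; p=none"],
    "bank-d.example": [],
    "bank-e.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
}

def summarise(domains):
    """Count how many domains fall into each category."""
    return Counter(classify(records) for records in domains.values())

if __name__ == "__main__":
    for domain, records in SAMPLE.items():
        print(f"{domain:16} {classify(records)}")
    print(dict(summarise(SAMPLE)))
```

A record with `p=none` only asks for reports and leaves spoofed mail deliverable, which is why a count of domains with a DMARC record and a count of domains at `reject` can differ so widely.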
The implications of this security shortfall are not trivial. Scamwatch has reported that over 66,000 Australians have been victims of email scams this year alone, with losses exceeding $224 million. These figures underscore the urgency with which Australian banks need to address their email security protocols.
In response to the growing threat, the Australian government has taken legislative action with the introduction of the Scam Prevention Framework. This legislation imposes mandatory obligations on banks, telecommunications companies, and social media platforms to actively prevent, detect, respond to, and report scams. Failure to comply can result in fines of up to $50 million, a clear indication of the seriousness with which the government views the issue of cybersecurity.
Steve Moros, Proofpoint’s Senior Director of Advanced Technology in the Asia Pacific, emphasises that cybercriminals often pose as trusted banks to lure Australians into their traps. The human cost of these scams is significant, with hard-working Australians being the primary targets.
‘They put their trust in financial institutions to ensure their credit card information, contact details, addresses, data, and of course, their money is safe,’ he said.
‘They can’t afford to have their life savings compromised by cybercriminals, especially given the rising cost of living and higher inflation pressures we are facing today.’
Some banks, like the National Australia Bank (NAB), have recognised the importance of robust cybersecurity measures.
NAB’s Chief Security Officer, Sandro Bucchianeri, notes that the bank has been using the strongest DMARC controls for several years, resulting in a dramatic reduction in scam emails. He stresses that securing Australia’s cybersecurity is a national imperative and that a collective effort is required to disrupt the scam ecosystem.
As consumers, it’s crucial to be vigilant and informed about the measures our banks are taking to protect us. If you’re unsure about the level of protection your bank provides, it’s worth reaching out to them for clarification. Additionally, always be cautious with emails requesting personal information or financial transactions, even if they appear to come from a legitimate source.
We encourage you to stay informed about cybersecurity and to take proactive steps to protect yourselves online. Use strong, unique passwords for your accounts, enable two-factor authentication where possible, and never click on links or download attachments from unknown or suspicious emails.
Have you or someone you know been affected by an email scam? What measures do you take to ensure your online banking is secure?