Millions of residents across the GCC who rely on email for banking alerts and notifications may be at greater risk of fraud, according to new research from cybersecurity firm Proofpoint. The study reveals a concerning decline in the adoption of a global email authentication standard among regional banks, leaving customers more vulnerable to phishing and impersonation attacks.
The findings show that only 77% of GCC banks are using the DMARC protocol, a standard designed to prevent cybercriminals from spoofing a bank’s official domain. This figure represents a significant drop from 96% in the previous year.
Declining Email Defences
DMARC, or Domain-based Message Authentication, Reporting, and Conformance, is a critical tool that verifies the authenticity of an email. It operates at three levels of enforcement: monitoring suspicious emails, sending them to quarantine, or rejecting them outright. The “reject” setting offers the highest level of security by blocking fraudulent messages before they can reach a customer’s inbox.
According to Proofpoint, the use of this strongest setting has also fallen. Only 60% of GCC banks now implement the “reject” policy, down from 71% last year. The research indicates that 23% of the region’s banks have no DMARC protection in place, failing to safeguard customers from potentially harmful emails sent in their name.
This security gap creates opportunities for criminals to trick people into revealing sensitive information. Phishing emails, designed to look like official bank communications, can direct users to fake websites to steal login credentials, personal data like Emirates ID numbers, or money.
A Call for Vigilance
The trend has prompted a warning from cybersecurity experts. “We are witnessing a worrying trend this year as fewer GCC banks are protecting their email traffic,” said Emile Abou Saleh, a regional director at Proofpoint. “This potentially exposes vast amounts of sensitive personal and financial data to cybercriminals.” He urged financial institutions to review and strengthen their email security protocols immediately.
While banks work to improve their defences, customers can take steps to protect themselves. It is advisable to carefully check the sender’s address on any email and avoid clicking on links. Instead, log in to banking services directly through the official website or mobile app. Enabling two-factor authentication adds a crucial layer of security, and any suspicious messages should be reported to the bank without delay.
