
Laurie Clarke

Reporter

UK banks exposing businesses to risk of Covid-19 email fraud, says Proofpoint

Only one in five banks accredited to hand out coronavirus business loans have implemented the strictest protocols preventing cyber criminals from spoofing an organisation’s identity – leaving customers at greater risk of email fraud, data from cyber security firm Proofpoint shows.

Eighty per cent of banks accredited for the Coronavirus Business Interruption Loan Scheme (CBILS) have not implemented the strictest level of DMARC (Domain-based Message Authentication, Reporting & Conformance) protection – an email authentication protocol that verifies that the purported domain of the sender has not been impersonated. Almost two thirds of accredited banks have published no DMARC record at all, leaving the doors to impersonation attacks flung open, according to Proofpoint.

Domain spoofing is a common route of attack for cyber criminals, who pose as official institutions such as banks and government agencies. During this time, many businesses are seeking coronavirus loans, increasing the likelihood that some will be caught out. Cyber criminals have leapt on the coronavirus pandemic as a novel means to extort people online. Proofpoint claims to be tracking nearly 300 different malicious campaigns relating to Covid-19 at present, and last week saw 75 million malicious messages leveraging COVID-19 themes.

“By not implementing simple, yet effective email authentication best practices, these accredited organisations are putting already vulnerable businesses at even greater risk, whilst COVID-19 related attacks are on the rise,” said Adenike Cosgrove, cyber security strategist at Proofpoint, in a statement.

“In times of urgency and uncertainty, individuals are much more susceptible to these kinds of attacks, particularly if a fraudulent email looks like it has come from a genuine domain. In tandem with the fact that the UK government has mandated this email authentication standard for public sector organisations, having the recommended level of DMARC protection is essential for any organisation accredited for the CBILS.”