More than three quarters of top GCC banks leave customers vulnerable to email fraud
(MENAFN- BPG Group) Dubai - UAE, 10 Spetember 2025: After demonstrating improvements in their email security protocols in 2024, Domain-based Message Authentication, Reporting, and Conformance (DMARC) authentication adoption among GCC banks has fallen from 96% last year to 77% in 2025, leaving customers vulnerable to phishing and other fraudulent activity. This is according to the latest research by leading cybersecurity and compliance company, Proofpoint, which evaluated the top banks across the UAE, KSA, Oman, Qatar, Bahrain, and Kuwait, to assess their email fraud preparedness in 2025.
DMARC is an email validation protocol designed to protect domain names from being misused by cybercriminals. It authenticates the sender's identity before allowing a message to reach its intended destination. DMARC has three levels of protection – monitor, quarantine, and reject, with reject being the most secure for preventing suspicious emails from reaching the inbox.
Proofpoint’s study shows that almost a quarter (23%) of the top financial institutions in the GCC are taking no steps to protect against misuse of their domain in email fraud, which means that transactional emails, including password resets, appointment reminders, and more, are at risk. Furthermore, only 60% are implementing the strictest level of DMARC protection (reject) in 2025 compared to 71% in 2024, meaning 40% are not proactively protecting customers against email impersonation and fraud.
Emile Abou Saleh, Vice President, Northern Europe, Middle East, Turkey and Africa at Proofpoint said: “We are witnessing a worrying trend this year as the number of financial institutions in the GCC with a published a DMARC record has decreased, potentially exposing vast amounts of sensitive personal and financial data to cybercriminals. This lack of protection against email fraud is disconcerting given that there has been consistent improvement in DMARC performance among GCC banks over the past two years. However, it is never too late for banks to re-visit security protocols and protect their email traffic against phishing and other fraudulent activity.”
In 2024, Proofpoint’s research showed that 96% of GCC banks had published a DMARC record, while 71% had implemented the strictest and recommended level of DMARC protection (‘reject’). This was higher than in 2023, where 94% of GCC banks had published a DMARC record.
Banks that implement DMARC are better equipped to protect their customers, employees, and brand from email fraud. By safeguarding email traffic, they can ensure that legitimate email is properly authenticated and that fraudulent activity appearing to come from domains under the bank’s control is blocked before it reaches customers.
DMARC is an email validation protocol designed to protect domain names from being misused by cybercriminals. It authenticates the sender's identity before allowing a message to reach its intended destination. DMARC has three levels of protection – monitor, quarantine, and reject, with reject being the most secure for preventing suspicious emails from reaching the inbox.
Proofpoint’s study shows that almost a quarter (23%) of the top financial institutions in the GCC are taking no steps to protect against misuse of their domain in email fraud, which means that transactional emails, including password resets, appointment reminders, and more, are at risk. Furthermore, only 60% are implementing the strictest level of DMARC protection (reject) in 2025 compared to 71% in 2024, meaning 40% are not proactively protecting customers against email impersonation and fraud.
Emile Abou Saleh, Vice President, Northern Europe, Middle East, Turkey and Africa at Proofpoint said: “We are witnessing a worrying trend this year as the number of financial institutions in the GCC with a published a DMARC record has decreased, potentially exposing vast amounts of sensitive personal and financial data to cybercriminals. This lack of protection against email fraud is disconcerting given that there has been consistent improvement in DMARC performance among GCC banks over the past two years. However, it is never too late for banks to re-visit security protocols and protect their email traffic against phishing and other fraudulent activity.”
In 2024, Proofpoint’s research showed that 96% of GCC banks had published a DMARC record, while 71% had implemented the strictest and recommended level of DMARC protection (‘reject’). This was higher than in 2023, where 94% of GCC banks had published a DMARC record.
Banks that implement DMARC are better equipped to protect their customers, employees, and brand from email fraud. By safeguarding email traffic, they can ensure that legitimate email is properly authenticated and that fraudulent activity appearing to come from domains under the bank’s control is blocked before it reaches customers.
Legal Disclaimer:
MENAFN provides the
information “as is” without warranty of any kind. We do not accept
any responsibility or liability for the accuracy, content, images,
videos, licenses, completeness, legality, or reliability of the information
contained in this article. If you have any complaints or copyright
issues related to this article, kindly contact the provider above.
Most popular stories
Market Research
- Japan Buy Now Pay Later Market Size To Surpass USD 145.5 Billion By 2033 CAGR Of 22.23%
- BTCC Summer Festival 2025 Unites Japan's Web3 Community
- GCL Subsidiary, 2Game Digital, Partners With Kucoin Pay To Accept Secure Crypto Payments In Real Time
- Smart Indoor Gardens Market Growth: Size, Trends, And Forecast 20252033
- Nutritional Bar Market Size To Expand At A CAGR Of 3.5% During 2025-2033
- Pluscapital Advisor Empowers Traders To Master Global Markets Around The Clock
More Story
Comments
No comment