A paltry 13 out of the 64 banks accredited by the UK government for its Coronavirus Business Interruption Loan Scheme (CBILS) have bothered to implement the strictest level of domain-based messaging authentication, reporting and conformance – or Dmarc – protection to stop cyber criminals from spoofing their identity to use in phishing attacks.
This means that 80% of accredited banks are unable to say they are proactively protecting their customers from fraudulent emails, and 61% have no published Dmarc record whatsoever, according to Proofpoint, a cloud security and compliance specialist.
Domain spoofing to pose as a government body or other respected institution, such as a provider of financial services, is a highly popular method used by cyber criminals to compromise their targets.
Using this technique, they can make an illegitimate email appear as if it is coming from a supposedly completely legitimate email address, which neatly gets around one of the most obvious ways people have of spotting a phishing email – the address does not match the institution in any way.
The Dmarc protocol builds on two other protocols – the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). It works by adding linkage to the author’s domain name with the :From header, alongside standardised policies for how recipients handle authentication failures, and improves receiver-to-sender reporting. It has been around for eight years.
Adenike Cosgrove, cyber security strategist at Proofpoint’s international business, said that failing to implement email authentication best practice was putting some of the UK’s most vulnerable businesses at heightened risk during the coronavirus pandemic.
“In times of urgency and uncertainty, individuals are much more susceptible to these kinds of attacks, particularly if a fraudulent email looks like it has come from a genuine domain,” she said.
“In tandem with the fact that the UK government has mandated this email authentication standard for public sector organisations, having the recommended level of Dmarc protection is essential for any organisation accredited for the CBILS.”
Proofpoint said it was currently tracking close to 300 different campaigns related to the pandemic, and last week saw 75 million malicious email messages exploiting Covid-19.
In the absence of appropriate measures from the banks, Proofpoint urged businesses taking advantage of the CBILS scheme – which offers support in the form of term loans, overdrafts, invoice finance and asset finance – to take steps to safeguard their own security.
In particular, employees should be wary of any communication that requests them to hand over personal information or financial details, and ignore any unexpected solicitations by email – no legitimate bank will ever ask for sensitive information in an email.
Users should also avoid clicking on any links in emails that they were not expecting, and to corroborate anything that seems suspicious with an official source via a medium other than email.
Finally, even though spam emails spoofing banks can be virtually indistinguishable from the real thing, it is always still worth keeping a beady eye out for spelling and grammar errors.