Sydney, Australia – A new study by cybersecurity firm Proofpoint has revealed that a significant number of Australian banks are failing to adequately protect their customers from email scams and phishing attacks.

The research found that 66% of Australian banks have not implemented the highest level of email authentication protection to prevent email domain spoofing and phishing attacks.

Spoofing emails are fraudulent messages designed to deceive recipients into believing they are from a legitimate sender. DMARC (Domain-Based Message Authentication, Reporting and Conformance) is a widely used email authentication, policy, and reporting protocol that helps protect domains from fraudulent emails. It offers three protection levels, with the highest level allowing users to reject suspicious emails from reaching their inbox.

However, Proofpoint's study found that only 34% of Australian banks have implemented the highest level of protection, lagging behind their US counterparts and leaving customers more vulnerable to email scams.

Scamwatch has reported that over 66,000 Australians have fallen victim to email scams this year, making it the second most common contact method used by scammers, after text messages. In 2024 alone, Australians have already lost over $224 million to scammers.