
According to IBM, “financially-motivated cyber criminals make up the greatest portion of active cyber threat actors targeting financial entities, and the allure of financial companies to a cybercriminal is clear: potentially significant and rapid payouts—in the millions—for a successful attack.” And for four years running, the finance and insurance industries have experienced the highest number of attacks.

With financial institutions continuing to be a top target for phishing exploits, we examined the DMARC status of the world’s top 100 banks based on assets as reported.

DMARC Status

  • 38% had no DMARC record
  • 24% had a DMARC record at a p=none policy
  • 2% had a DMARC record with a p=quarantine policy
  • 36% had a DMARC record with a p=reject policy

When a bank's domains are not locked down with a DMARC enforcement policy (p=quarantine or p=reject), criminals can pose as the bank and send phishing emails to customers with the goal of gaining access to accounts and stealing personal information. Google blocks over 100 million phishing emails each day, and that’s just one email receiver.

When a financial institution or any other organization has its email domains exploited for phishing, the result is not only financial losses from misdirected funds and clean-up costs, but also media attention and a tarnished brand reputation. DMARC allows domain owners to view who is sending email on their behalf, confirm the legitimate sources and disqualify all the rest.
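As an added illustration (not dmarcian's code or survey method), the sketch below sorts the TXT strings published at `_dmarc.<domain>` into the four buckets used in the DMARC Status list and names the domains that are not at enforcement. The domains and records are constructed samples, and the function names are hypothetical; a real survey would fetch the TXT records over DNS.

```python
from collections import Counter

VALID_POLICIES = {"none", "quarantine", "reject"}
ENFORCED = {"p=quarantine", "p=reject"}

def parse_tags(record):
    """Split a 'tag=value; tag=value' DMARC record into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags.setdefault(name.strip().lower(), value.strip())
    return tags

def classify(txt_records):
    """Bucket the TXT strings found at _dmarc.<domain>."""
    # Only strings whose first tag is v=DMARC1 count as DMARC records;
    # other TXT data at the same name (e.g. a misplaced SPF record) is ignored.
    dmarc = [r for r in txt_records
             if r.split(";", 1)[0].replace(" ", "") == "v=DMARC1"]
    # RFC 7489: zero records, or more than one, means no policy is applied.
    if len(dmarc) != 1:
        return "no record"
    policy = parse_tags(dmarc[0]).get("p", "").lower()
    # Simplification in this example: a missing or misspelled p= value is
    # counted as "no record" because it gives receivers no usable policy.
    return f"p={policy}" if policy in VALID_POLICIES else "no record"

def survey(domains):
    """Tally how many domains fall into each bucket."""
    return Counter(classify(records) for records in domains.values())

def not_enforced(domains):
    """Domains with no policy asking receivers to quarantine or reject."""
    return sorted(d for d, r in domains.items() if classify(r) not in ENFORCED)

# Constructed sample data (not the banks from the survey).
SAMPLE = {
    "bank-a.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@bank-a.example"],
    "bank-b.example": ["v=DMARC1; p=none"],
    "bank-c.example": [],
    "bank-d.example": ["v=spf1 -all"],                             # not DMARC
    "bank-e.example": ["v=DMARC1; p=quarantine; pct=50"],
    "bank-f.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],  # duplicate
    "bank-g.example": ["v=DMARC1; p=rejct"],                       # typo in p=
}

if __name__ == "__main__":
    for label, count in survey(SAMPLE).most_common():
        print(f"{label:14} {count}")
    print("not at enforcement:", ", ".join(not_enforced(SAMPLE)))
```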

We’re Here to Help

With a team of email security experts and a mission of making email and the internet more trustworthy through domain security, dmarcian is here to help assess an organization’s domain catalog and implement and manage DMARC for the long haul. You can get in touch with us or register for a free trial where our onboarding and support team will help you along the way.
