Banking & Insurance

Business /
Banking

Are your banking emails becoming an easy target for fraudsters now?

Proofpoint: Only 77% of GCC banks use global email authentication standard in 2025

Last updated:
Justin Varghese
2 MIN READ
Stock - Digital banking
Shutterstock

Dubai: Millions of GCC residents rely on emails from their banks — from password resets and account alerts to loan reminders and credit card notifications. But new research suggests those messages may not be as secure as you think.

A study by cybersecurity firm Proofpoint found that only 77% of GCC banks use the global standard for email authentication in 2025 — down from 96% in 2024. This slide in security means more customers are vulnerable to phishing attacks and email impersonation, where fraudsters mimic official bank domains to steal sensitive data.

What’s going wrong?

Banks use a protocol called DMARC to verify emails are really from them. It works at three levels: monitor, quarantine, and reject. The “reject” setting is the strongest — blocking suspicious messages before they reach your inbox.

Proofpoint’s research shows:

  • 23% of banks in the GCC take no steps to protect their domains.

  • Only 60% use the strict “reject” setting this year, compared with 71% in 2024.

That means nearly 2 out of 5 banks aren’t fully shielding customers from fraudulent emails pretending to be them.

UAE banks to hike card fees soon: 7 ways to save on overseas spending

Why it matters to you

Phishing is one of the most common cybercrimes in the GCC. Fraudulent bank emails can trick people into:

  • Entering login credentials on fake websites.

  • Handing over personal data like Emirates ID numbers.

  • Clicking malicious links that steal money or install malware.

For residents who often manage finances, credit cards, and even loan repayments online, weak protection at the bank’s end increases everyday risks.

Expert warning

“We are witnessing a worrying trend this year as fewer GCC banks are protecting their email traffic,” said Emile Abou Saleh of Proofpoint. “This potentially exposes vast amounts of sensitive personal and financial data to cybercriminals.”

He urged banks to revisit their email security protocols immediately.

UAE non-performing loans at record low: Central Bank 

What you can do

While banks need to strengthen defences, you can reduce risks by:

  • Double-checking sender addresses before clicking links.

  • Avoiding links in emails — log into your bank directly via its website or app.

  • Enabling two-factor authentication wherever possible.

  • Reporting suspicious messages to your bank immediately.

The bottom line? With banking emails now central to daily life in the GCC, even small security lapses can have big consequences. Until banks across the region strengthen their email protection, vigilance from customers remains the strongest line of defence.

Justin Varghese
Justin is a personal finance author and seasoned business journalist with over a decade of experience. He makes it his mission to break down complex financial topics and make them clear, relatable, and relevant—helping everyday readers navigate today’s economy with confidence. Before returning to his Middle Eastern roots, where he was born and raised, Justin worked as a Business Correspondent at Reuters, reporting on equities and economic trends across both the Middle East and Asia-Pacific regions.

Sign up for the Daily Briefing

Get the latest news and updates straight to your inbox

Latest Stories

UAE Philharmonic Orchestra launches Grand Second Season

Phillips to highlight additive & hybrid manufacturing

5 K-Dramas that would've been epic films

UAE residents fuel autumn travel boom

Weekend weather: Expect temperature changes across UAE

Network Links

GN Store
About Gulf NewsTerms & ConditionsReach by GNSitemapContact usPrivacy PolicyGN FocusHave your sayWork with usAdvertise with usGulf News epaperPrinting Services

Download our app

© Al Nisr Publishing LLC 2025. All rights reserved.