Are your banking emails becoming an easy target for fraudsters now?

Dubai: Millions of GCC residents rely on emails from their banks — from password resets and account alerts to loan reminders and credit card notifications. But new research suggests those messages may not be as secure as you think.

A study by cybersecurity firm Proofpoint found that only 77% of GCC banks use the global standard for email authentication in 2025 — down from 96% in 2024. This slide in security means more customers are vulnerable to phishing attacks and email impersonation, where fraudsters mimic official bank domains to steal sensitive data.

Banks use a protocol called DMARC to verify emails are really from them. It works at three levels: monitor, quarantine, and reject. The “reject” setting is the strongest — blocking suspicious messages before they reach your inbox.

Proofpoint’s research shows:

That means nearly 2 out of 5 banks aren’t fully shielding customers from fraudulent emails pretending to be them.

Phishing is one of the most common cybercrimes in the GCC. Fraudulent bank emails can trick people into:

For residents who often manage finances, credit cards, and even loan repayments online, weak protection at the bank’s end increases everyday risks.

“We are witnessing a worrying trend this year as fewer GCC banks are protecting their email traffic,” said Emile Abou Saleh of Proofpoint. “This potentially exposes vast amounts of sensitive personal and financial data to cybercriminals.”

He urged banks to revisit their email security protocols immediately.

While banks need to strengthen defences, you can reduce risks by:

The bottom line? With banking emails now central to daily life in the GCC, even small security lapses can have big consequences. Until banks across the region strengthen their email protection, vigilance from customers remains the strongest line of defence.