UK businesses applying for government Coronavirus loans at increased risk of email fraud

Business Email Compromise and Email Account Compromise

80% of accredited banks are not proactively blocking fraudulent emails from reaching targets

Proofpoint, Inc., (NASDAQ: PFPT) a leading cyber security and compliance company, today released research identifying that only 13 out of the 64 (20%) banks currently accredited by the government for Coronavirus Business Interruption Loan Scheme (CBILS) loans have implemented the strictest level of DMARC (Domain-based Message Authentication, Reporting & Conformance) protection. This protocol stops cybercriminals spoofing an organisation’s identity and decreases the risk of email fraud for customers. 

Worryingly, this means the remaining 80% of accredited banks are not proactively blocking fraudulent emails from reaching targets. Of the 64 accredited banks, 61% have no published DMARC record at all, leaving themselves wide open to impersonation attacks

As thousands of businesses register for or seek information about stimulus loans, cybercriminals are lying in wait, ready to defraud unwitting victims. Cybercriminals regularly use the method of domain spoofing to pose as government bodies or respected institutions, such as banks or financial organisations, by sending an email from a supposedly legitimate sender address. This makes it almost impossible for an ordinary Internet user to identify a fake sender from a real one.

This comes at a time of heightened risk as the volume of cyberattacks utilising COVID-19 has increased dramatically. Proofpoint is currently tracking nearly 300 different campaigns and last week saw 75M malicious messages leveraging COVID-19 themes. Initially, Proofpoint was seeing about one campaign a day worldwide - the team is now observing three to four each day across several languages.

“By not implementing simple, yet effective email authentication best practices, these accredited organisations are putting already vulnerable businesses at even greater risk, whilst COVID-19 related attacks are on the rise.” said Adenike Cosgrove, Cybersecurity Strategist, International at Proofpoint. “In times of urgency and uncertainty, individuals are much more susceptible to these kinds of attacks, particularly if a fraudulent email looks like it has come from a genuine domain. In tandem with the fact that the UK government has mandated this email authentication standard for public sector organisations, having the recommended level of DMARC protection is essential for any organisation accredited for the CBILS.”

Key findings

  • 80% of the 64 accredited banks for CBILS are not proactively blocking fraudulent emails from reaching customers, by not having implemented the strictest and recommended level of DMARC protection
  • 61% of the 64 accredited banks for CBILS have no published DMARC record at all, leaving themselves wide open to impersonation attacks

In light of the increased risks, businesses can protect themselves by adopting these following practices:

  • Be wary of any communication that instructs you to hand over personal information or financial details. Seek advice from a trusted source if you are unsure.
  • Ignore all unexpected solicitations by email. Banks will not ask for highly sensitive information via these channels.
  • Avoid clicking on unknown links, even from senders that appear official. If the information contained in an email looks legitimate, corroborate it with an official source.
  • Keep an eye out for spelling and grammatical errors. If an official-looking email includes spelling mistakes, it’s unlikely to be legitimate.

For many organisations, the road to easing email fraud risk is paved with DMARC (Domain-based Message Authentication, Reporting and Conformance), an email protocol being adopted globally as the passport control of the email security world. It verifies that the purported domain of the sender has not been impersonated.  DMARC verification relies on the established DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework) standards to ensure the email is not spoofing the domain. This authentication protects employees, customers, and partners from cybercriminals looking to impersonate a trusted domain.

To find out more about DMARC, visit

Methodology: To assess the level of DMARC adoption among CBILS-accredited lenders, Proofpoint conducted an analysis of the corporate domains of the 64 organisations featured on British Business Bank’s list of current accredited lenders and partners as of May 11th 2020. British Business Bank is a development bank wholly owned by HM Government.


About Proofpoint, Inc
Proofpoint, Inc. (NASDAQ: PFPT) is a leading next-generation security and compliance company that provides cloud-based solutions to protect the way people work today. Proofpoint solutions enable organizations to protect their users from advanced attacks delivered via email, social media and mobile apps, protect the information their users create from advanced attacks and compliance risks, and respond quickly when incidents occur. More information is available at

Connect with Proofpoint: Twitter | LinkedIn | Facebook | YouTube | Google+


Proofpoint is a trademark or registered trademark of Proofpoint, Inc. in the U.S. and other countries. All other trademarks contained herein are the property of their respective owners.