https://tech.newstatesman.com/security/uk-banks-covid-19-email-fraud-proofpoint

Only 22 per cent of banks accredited to hand out coronavirus business loans have implemented the strictest protocols preventing cyber criminals from spoofing an organisation’s identity – leaving customers at greater risk of email fraud, data from cyber security firm Proofpoint shows.

Seventy eight per cent of banks accredited for the Coronavirus Business Interruption Loan Scheme (CBILS) have not implemented the strictest level of DMARC (Domain-based Message Authentication, Reporting & Conformance) protection – an email authentication protocol that verifies that the purported domain of the sender has not been impersonated. Almost two thirds of accredited banks have published no DMARC record at all, leaving the doors to impersonation attacks flung open, according to Proofpoint.