Media OutReach

Protective measures against email fraud remain widely insufficient among leading Asia Pacific companies. Australia’s high adoption rate of proper email authentication (71%) among its top companies sets the standard for the Asia Pacific region Around 50% of leading Singapore and India’s businesses have implemented the recommended level of email authentication Concerningly, less than 20% of the largest organisations in Japan, South Korea, China and Thailand are actively protecting their customers against phishing SINGAPORE – Media OutReach Newswire – 21 February 2025 – Proofpoint, Inc., a leading cybersecurity and compliance company, today released new research on a worrying gap among top organisations across the Asia Pacific with only 12% having implemented the recommended and most stringent level of email authentication. In 2024, phishing attacks surged significantly, increasing nearly 60% year-over-year. This dramatic increase underscores the critical need for proper implementation of email authentication, which prevents cyber criminals from spoofing organisations’ identities thus reducing the risk of email fraud. These findings are based on an analysis of the Domain-based Message Authentication, Reporting and Conformance (DMARC), a widely-adopted email validation protocol records of Asia Pacific companies listed on the Forbes Global 2000. DMARC protects domain names from being misused by malicious actors by authenticating the sender’s identity before an email reaches its intended destination. This authentication system detects and prevents domain spoofing, a common phishing technique. DMARC has three levels of protection – monitor, quarantine, and reject, with reject being the most secure for preventing suspicious emails from reaching users’ inboxes. “Email remains the most common and critical threat vector across industries. It’s encouraging that many leading companies in Asia Pacific have taken proactive steps to protect their customers from email fraud,” said George Lee, Senior Vice President of Asia Pacific and Japan at Proofpoint. “However, the rising frequency, sophistication, and cost of cyberattacks make it especially concerning that many remain highly vulnerable, exposing them to significant risks from malicious email-based threats such as phishing. Prioritising robust cybersecurity measures is essential to safeguard against these threats and protect customers’ valuable data.” Proofpoint’s research shows that DMARC adoption in the Asia Pacific region is mostly lower compared to the US and UK, placing organisations and their customers at risk. While Australia leads in email authentication DMARC enforcement, Japan, South Korea and Thailand lag, leaving businesses exposed to escalating email fraud, including business email compromise (BEC) and phishing. Key findings of Proofpoint’s DMARC analysis across key Asia Pacific markets include: Australia: 71% of the top Australian companies have implemented DMARC at the recommended levels (reject). All the top Australian companies being studied have a DMARC record. Singapore: 46.2% of companies analysed have DMARC set to reject. Yet 23.1% do not have any DMARC record and are wide open to email fraud and domain spoofing attacks. India: 50% of the top Indian organisations implemented the highest level of DMARC (reject), with 30.9% utilising quarantine and 11.8% having no DMARC record at all. Japan: Only 7.4% of top Japanese companies have a DMARC policy of reject in place. 65.6% of companies are at the monitor level, gathering data but offering no active protection South Korea: Only 1.8% have implemented DMARC at the quarantine level with none at the reject level, and 51.8% having no DMARC record at all. Thailand: 17.6% have a reject policy in place to block unqualified emails, while 17.6% of companies implemented quarantine and 52.9% at the monitor level still. China: Only 4.2% of top Chinese companies have the strictest level of DMARC in place. A startling 71.8% do not use any DMARC protection at all. Major Providers and Compliance Mandates Push for DMARC Adoption Major email providers are making moves to force companies to catch up and use email authentication. Some highly-publicised examples include the October 2023 announcements from Google, Yahoo and Apple around mandatory email authentication requirements (including DMARC) for bulk senders sending emails to Gmail, Yahoo and iCloud accounts. This aims to significantly reduce spam and fraudulent emails hitting their customers’ inboxes. In addition, organisations that store consumer payment information must comply with the Payment Card Industry Data Security Standard (PCI-DSS) or risk paying hefty fines for violations. The latest PCI DSS (v4.0.1) will require companies to use DMARC to protect credit card data by March 31, 2025. Proofpoint recommends that organisations follow these best practices: Implement DMARC: Protect your domain from impersonation by implementing DMARC and enforcing it at the reject level. Seek expert assistance if needed to avoid blocking legitimate emails. Educate employees: Train staff on how to identify and avoid potentially fraudulent or suspicious emails, such as those impersonating colleagues, suppliers, or customers. Strengthen passwords: Establish and enforce best practices for password management, including requiring strong passwords, regular changes, and never re-using passwords across multiple accounts. This analysis was conducted in December 2024 using data from companies listed on Forbes Global 2000. To learn more about DMARC, visit: https://www.proofpoint.com/au/threat-reference/dmarc Hashtag: #Proofpoint The issuer is solely responsible for the content of this announcement. About Proofpoint, Inc. Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organisations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Leading organisations of all sizes, including 85 percent of the Fortune 100, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web. More information is available at www.proofpoint.com. Connect with Proofpoint: X | LinkedIn | Facebook | YouTube Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.

Protective measures against email fraud remain widely insufficient among leading Asia Pacific companies. Australia’s high adoption rate of proper email authentication (71%) among its top companies sets the standard for the Asia Pacific region Around 50% of leading Singapore and India’s businesses have implemented the recommended level of email authentication Concerningly, less than 20% of the largest organisations in Japan, South Korea, China and Thailand are actively protecting their customers against phishing SINGAPORE – Media OutReach Newswire – 21 February 2025 – Proofpoint, Inc., a leading cybersecurity and compliance company, today released new research on a worrying gap among top organisations across the Asia Pacific with only 12% having implemented the recommended and most stringent level of email authentication. In 2024, phishing attacks surged significantly, increasing nearly 60% year-over-year. This dramatic increase underscores the critical need for proper implementation of email authentication, which prevents cyber criminals from spoofing organisations’ identities thus reducing the risk of email fraud. These findings are based on an analysis of the Domain-based Message Authentication, Reporting and Conformance (DMARC), a widely-adopted email validation protocol records of Asia Pacific companies listed on the Forbes Global 2000. DMARC protects domain names from being misused by malicious actors by authenticating the sender’s identity before an email reaches its intended destination. This authentication system detects and prevents domain spoofing, a common phishing technique. DMARC has three levels of protection – monitor, quarantine, and reject, with reject being the most secure for preventing suspicious emails from reaching users’ inboxes. “Email remains the most common and critical threat vector across industries. It’s encouraging that many leading companies in Asia Pacific have taken proactive steps to protect their customers from email fraud,” said George Lee, Senior Vice President of Asia Pacific and Japan at Proofpoint. “However, the rising frequency, sophistication, and cost of cyberattacks make it especially concerning that many remain highly vulnerable, exposing them to significant risks from malicious email-based threats such as phishing. Prioritising robust cybersecurity measures is essential to safeguard against these threats and protect customers’ valuable data.” Proofpoint’s research shows that DMARC adoption in the Asia Pacific region is mostly lower compared to the US and UK, placing organisations and their customers at risk. While Australia leads in email authentication DMARC enforcement, Japan, South Korea and Thailand lag, leaving businesses exposed to escalating email fraud, including business email compromise (BEC) and phishing. Key findings of Proofpoint’s DMARC analysis across key Asia Pacific markets include: Australia: 71% of the top Australian companies have implemented DMARC at the recommended levels (reject). All the top Australian companies being studied have a DMARC record. Singapore: 46.2% of companies analysed have DMARC set to reject. Yet 23.1% do not have any DMARC record and are wide open to email fraud and domain spoofing attacks. India: 50% of the top Indian organisations implemented the highest level of DMARC (reject), with 30.9% utilising quarantine and 11.8% having no DMARC record at all. Japan: Only 7.4% of top Japanese companies have a DMARC policy of reject in place. 65.6% of companies are at the monitor level, gathering data but offering no active protection South Korea: Only 1.8% have implemented DMARC at the quarantine level with none at the reject level, and 51.8% having no DMARC record at all. Thailand: 17.6% have a reject policy in place to block unqualified emails, while 17.6% of companies implemented quarantine and 52.9% at the monitor level still. China: Only 4.2% of top Chinese companies have the strictest level of DMARC in place. A startling 71.8% do not use any DMARC protection at all. Major Providers and Compliance Mandates Push for DMARC Adoption Major email providers are making moves to force companies to catch up and use email authentication. Some highly-publicised examples include the October 2023 announcements from Google, Yahoo and Apple around mandatory email authentication requirements (including DMARC) for bulk senders sending emails to Gmail, Yahoo and iCloud accounts. This aims to significantly reduce spam and fraudulent emails hitting their customers’ inboxes. In addition, organisations that store consumer payment information must comply with the Payment Card Industry Data Security Standard (PCI-DSS) or risk paying hefty fines for violations. The latest PCI DSS (v4.0.1) will require companies to use DMARC to protect credit card data by March 31, 2025. Proofpoint recommends that organisations follow these best practices: Implement DMARC: Protect your domain from impersonation by implementing DMARC and enforcing it at the reject level. Seek expert assistance if needed to avoid blocking legitimate emails. Educate employees: Train staff on how to identify and avoid potentially fraudulent or suspicious emails, such as those impersonating colleagues, suppliers, or customers. Strengthen passwords: Establish and enforce best practices for password management, including requiring strong passwords, regular changes, and never re-using passwords across multiple accounts. This analysis was conducted in December 2024 using data from companies listed on Forbes Global 2000. To learn more about DMARC, visit: https://www.proofpoint.com/au/threat-reference/dmarc Hashtag: #Proofpoint The issuer is solely responsible for the content of this announcement. About Proofpoint, Inc. Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organisations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Leading organisations of all sizes, including 85 percent of the Fortune 100, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web. More information is available at www.proofpoint.com. Connect with Proofpoint: X | LinkedIn | Facebook | YouTube Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.

Protective measures against email fraud remain widely insufficient among leading Asia Pacific companies. Australia’s high adoption rate of proper email authentication (71%) among its top companies sets the standard for the Asia Pacific region Around 50% of leading Singapore and India’s businesses have implemented the recommended level of email authentication Concerningly, less than 20% of the largest organisations in Japan, South Korea, China and Thailand are actively protecting their customers against phishing SINGAPORE – Media OutReach Newswire – 21 February 2025 – Proofpoint, Inc., a leading cybersecurity and compliance company, today released new research on a worrying gap among top organisations across the Asia Pacific with only 12% having implemented the recommended and most stringent level of email authentication. In 2024, phishing attacks surged significantly, increasing nearly 60% year-over-year. This dramatic increase underscores the critical need for proper implementation of email authentication, which prevents cyber criminals from spoofing organisations’ identities thus reducing the risk of email fraud. These findings are based on an analysis of the Domain-based Message Authentication, Reporting and Conformance (DMARC), a widely-adopted email validation protocol records of Asia Pacific companies listed on the Forbes Global 2000. DMARC protects domain names from being misused by malicious actors by authenticating the sender’s identity before an email reaches its intended destination. This authentication system detects and prevents domain spoofing, a common phishing technique. DMARC has three levels of protection – monitor, quarantine, and reject, with reject being the most secure for preventing suspicious emails from reaching users’ inboxes. “Email remains the most common and critical threat vector across industries. It’s encouraging that many leading companies in Asia Pacific have taken proactive steps to protect their customers from email fraud,” said George Lee, Senior Vice President of Asia Pacific and Japan at Proofpoint. “However, the rising frequency, sophistication, and cost of cyberattacks make it especially concerning that many remain highly vulnerable, exposing them to significant risks from malicious email-based threats such as phishing. Prioritising robust cybersecurity measures is essential to safeguard against these threats and protect customers’ valuable data.” Proofpoint’s research shows that DMARC adoption in the Asia Pacific region is mostly lower compared to the US and UK, placing organisations and their customers at risk. While Australia leads in email authentication DMARC enforcement, Japan, South Korea and Thailand lag, leaving businesses exposed to escalating email fraud, including business email compromise (BEC) and phishing. Key findings of Proofpoint’s DMARC analysis across key Asia Pacific markets include: Australia: 71% of the top Australian companies have implemented DMARC at the recommended levels (reject). All the top Australian companies being studied have a DMARC record. Singapore: 46.2% of companies analysed have DMARC set to reject. Yet 23.1% do not have any DMARC record and are wide open to email fraud and domain spoofing attacks. India: 50% of the top Indian organisations implemented the highest level of DMARC (reject), with 30.9% utilising quarantine and 11.8% having no DMARC record at all. Japan: Only 7.4% of top Japanese companies have a DMARC policy of reject in place. 65.6% of companies are at the monitor level, gathering data but offering no active protection South Korea: Only 1.8% have implemented DMARC at the quarantine level with none at the reject level, and 51.8% having no DMARC record at all. Thailand: 17.6% have a reject policy in place to block unqualified emails, while 17.6% of companies implemented quarantine and 52.9% at the monitor level still. China: Only 4.2% of top Chinese companies have the strictest level of DMARC in place. A startling 71.8% do not use any DMARC protection at all. Major Providers and Compliance Mandates Push for DMARC Adoption Major email providers are making moves to force companies to catch up and use email authentication. Some highly-publicised examples include the October 2023 announcements from Google, Yahoo and Apple around mandatory email authentication requirements (including DMARC) for bulk senders sending emails to Gmail, Yahoo and iCloud accounts. This aims to significantly reduce spam and fraudulent emails hitting their customers’ inboxes. In addition, organisations that store consumer payment information must comply with the Payment Card Industry Data Security Standard (PCI-DSS) or risk paying hefty fines for violations. The latest PCI DSS (v4.0.1) will require companies to use DMARC to protect credit card data by March 31, 2025. Proofpoint recommends that organisations follow these best practices: Implement DMARC: Protect your domain from impersonation by implementing DMARC and enforcing it at the reject level. Seek expert assistance if needed to avoid blocking legitimate emails. Educate employees: Train staff on how to identify and avoid potentially fraudulent or suspicious emails, such as those impersonating colleagues, suppliers, or customers. Strengthen passwords: Establish and enforce best practices for password management, including requiring strong passwords, regular changes, and never re-using passwords across multiple accounts. This analysis was conducted in December 2024 using data from companies listed on Forbes Global 2000. To learn more about DMARC, visit: https://www.proofpoint.com/au/threat-reference/dmarc Hashtag: #Proofpoint The issuer is solely responsible for the content of this announcement. About Proofpoint, Inc. Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organisations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Leading organisations of all sizes, including 85 percent of the Fortune 100, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web. More information is available at www.proofpoint.com. Connect with Proofpoint: X | LinkedIn | Facebook | YouTube Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.

Protective measures against email fraud remain widely insufficient among leading Asia Pacific companies. Australia’s high adoption rate of proper email authentication (71%) among its top companies sets the standard for the Asia Pacific region Around 50% of leading Singapore and India’s businesses have implemented the recommended level of email authentication Concerningly, less than 20% of the largest organisations in Japan, South Korea, China and Thailand are actively protecting their customers against phishing SINGAPORE – Media OutReach Newswire – 21 February 2025 – Proofpoint, Inc., a leading cybersecurity and compliance company, today released new research on a worrying gap among top organisations across the Asia Pacific with only 12% having implemented the recommended and most stringent level of email authentication. In 2024, phishing attacks surged significantly, increasing nearly 60% year-over-year. This dramatic increase underscores the critical need for proper implementation of email authentication, which prevents cyber criminals from spoofing organisations’ identities thus reducing the risk of email fraud. These findings are based on an analysis of the Domain-based Message Authentication, Reporting and Conformance (DMARC), a widely-adopted email validation protocol records of Asia Pacific companies listed on the Forbes Global 2000. DMARC protects domain names from being misused by malicious actors by authenticating the sender’s identity before an email reaches its intended destination. This authentication system detects and prevents domain spoofing, a common phishing technique. DMARC has three levels of protection – monitor, quarantine, and reject, with reject being the most secure for preventing suspicious emails from reaching users’ inboxes. “Email remains the most common and critical threat vector across industries. It’s encouraging that many leading companies in Asia Pacific have taken proactive steps to protect their customers from email fraud,” said George Lee, Senior Vice President of Asia Pacific and Japan at Proofpoint. “However, the rising frequency, sophistication, and cost of cyberattacks make it especially concerning that many remain highly vulnerable, exposing them to significant risks from malicious email-based threats such as phishing. Prioritising robust cybersecurity measures is essential to safeguard against these threats and protect customers’ valuable data.” Proofpoint’s research shows that DMARC adoption in the Asia Pacific region is mostly lower compared to the US and UK, placing organisations and their customers at risk. While Australia leads in email authentication DMARC enforcement, Japan, South Korea and Thailand lag, leaving businesses exposed to escalating email fraud, including business email compromise (BEC) and phishing. Key findings of Proofpoint’s DMARC analysis across key Asia Pacific markets include: Australia: 71% of the top Australian companies have implemented DMARC at the recommended levels (reject). All the top Australian companies being studied have a DMARC record. Singapore: 46.2% of companies analysed have DMARC set to reject. Yet 23.1% do not have any DMARC record and are wide open to email fraud and domain spoofing attacks. India: 50% of the top Indian organisations implemented the highest level of DMARC (reject), with 30.9% utilising quarantine and 11.8% having no DMARC record at all. Japan: Only 7.4% of top Japanese companies have a DMARC policy of reject in place. 65.6% of companies are at the monitor level, gathering data but offering no active protection South Korea: Only 1.8% have implemented DMARC at the quarantine level with none at the reject level, and 51.8% having no DMARC record at all. Thailand: 17.6% have a reject policy in place to block unqualified emails, while 17.6% of companies implemented quarantine and 52.9% at the monitor level still. China: Only 4.2% of top Chinese companies have the strictest level of DMARC in place. A startling 71.8% do not use any DMARC protection at all. Major Providers and Compliance Mandates Push for DMARC Adoption Major email providers are making moves to force companies to catch up and use email authentication. Some highly-publicised examples include the October 2023 announcements from Google, Yahoo and Apple around mandatory email authentication requirements (including DMARC) for bulk senders sending emails to Gmail, Yahoo and iCloud accounts. This aims to significantly reduce spam and fraudulent emails hitting their customers’ inboxes. In addition, organisations that store consumer payment information must comply with the Payment Card Industry Data Security Standard (PCI-DSS) or risk paying hefty fines for violations. The latest PCI DSS (v4.0.1) will require companies to use DMARC to protect credit card data by March 31, 2025. Proofpoint recommends that organisations follow these best practices: Implement DMARC: Protect your domain from impersonation by implementing DMARC and enforcing it at the reject level. Seek expert assistance if needed to avoid blocking legitimate emails. Educate employees: Train staff on how to identify and avoid potentially fraudulent or suspicious emails, such as those impersonating colleagues, suppliers, or customers. Strengthen passwords: Establish and enforce best practices for password management, including requiring strong passwords, regular changes, and never re-using passwords across multiple accounts. This analysis was conducted in December 2024 using data from companies listed on Forbes Global 2000. To learn more about DMARC, visit: https://www.proofpoint.com/au/threat-reference/dmarc Hashtag: #Proofpoint The issuer is solely responsible for the content of this announcement. About Proofpoint, Inc. Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organisations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Leading organisations of all sizes, including 85 percent of the Fortune 100, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web. More information is available at www.proofpoint.com. Connect with Proofpoint: X | LinkedIn | Facebook | YouTube Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.

Protective measures against email fraud remain widely insufficient among leading Asia Pacific companies. Australia’s high adoption rate of proper email authentication (71%) among its top companies sets the standard for the Asia Pacific region Around 50% of leading Singapore and India’s businesses have implemented the recommended level of email authentication Concerningly, less than 20% of the largest organisations in Japan, South Korea, China and Thailand are actively protecting their customers against phishing SINGAPORE – Media OutReach Newswire – 21 February 2025 – Proofpoint, Inc., a leading cybersecurity and compliance company, today released new research on a worrying gap among top organisations across the Asia Pacific with only 12% having implemented the recommended and most stringent level of email authentication. In 2024, phishing attacks surged significantly, increasing nearly 60% year-over-year. This dramatic increase underscores the critical need for proper implementation of email authentication, which prevents cyber criminals from spoofing organisations’ identities thus reducing the risk of email fraud. These findings are based on an analysis of the Domain-based Message Authentication, Reporting and Conformance (DMARC), a widely-adopted email validation protocol records of Asia Pacific companies listed on the Forbes Global 2000. DMARC protects domain names from being misused by malicious actors by authenticating the sender’s identity before an email reaches its intended destination. This authentication system detects and prevents domain spoofing, a common phishing technique. DMARC has three levels of protection – monitor, quarantine, and reject, with reject being the most secure for preventing suspicious emails from reaching users’ inboxes. “Email remains the most common and critical threat vector across industries. It’s encouraging that many leading companies in Asia Pacific have taken proactive steps to protect their customers from email fraud,” said George Lee, Senior Vice President of Asia Pacific and Japan at Proofpoint. “However, the rising frequency, sophistication, and cost of cyberattacks make it especially concerning that many remain highly vulnerable, exposing them to significant risks from malicious email-based threats such as phishing. Prioritising robust cybersecurity measures is essential to safeguard against these threats and protect customers’ valuable data.” Proofpoint’s research shows that DMARC adoption in the Asia Pacific region is mostly lower compared to the US and UK, placing organisations and their customers at risk. While Australia leads in email authentication DMARC enforcement, Japan, South Korea and Thailand lag, leaving businesses exposed to escalating email fraud, including business email compromise (BEC) and phishing. Key findings of Proofpoint’s DMARC analysis across key Asia Pacific markets include: Australia: 71% of the top Australian companies have implemented DMARC at the recommended levels (reject). All the top Australian companies being studied have a DMARC record. Singapore: 46.2% of companies analysed have DMARC set to reject. Yet 23.1% do not have any DMARC record and are wide open to email fraud and domain spoofing attacks. India: 50% of the top Indian organisations implemented the highest level of DMARC (reject), with 30.9% utilising quarantine and 11.8% having no DMARC record at all. Japan: Only 7.4% of top Japanese companies have a DMARC policy of reject in place. 65.6% of companies are at the monitor level, gathering data but offering no active protection South Korea: Only 1.8% have implemented DMARC at the quarantine level with none at the reject level, and 51.8% having no DMARC record at all. Thailand: 17.6% have a reject policy in place to block unqualified emails, while 17.6% of companies implemented quarantine and 52.9% at the monitor level still. China: Only 4.2% of top Chinese companies have the strictest level of DMARC in place. A startling 71.8% do not use any DMARC protection at all. Major Providers and Compliance Mandates Push for DMARC Adoption Major email providers are making moves to force companies to catch up and use email authentication. Some highly-publicised examples include the October 2023 announcements from Google, Yahoo and Apple around mandatory email authentication requirements (including DMARC) for bulk senders sending emails to Gmail, Yahoo and iCloud accounts. This aims to significantly reduce spam and fraudulent emails hitting their customers’ inboxes. In addition, organisations that store consumer payment information must comply with the Payment Card Industry Data Security Standard (PCI-DSS) or risk paying hefty fines for violations. The latest PCI DSS (v4.0.1) will require companies to use DMARC to protect credit card data by March 31, 2025. Proofpoint recommends that organisations follow these best practices: Implement DMARC: Protect your domain from impersonation by implementing DMARC and enforcing it at the reject level. Seek expert assistance if needed to avoid blocking legitimate emails. Educate employees: Train staff on how to identify and avoid potentially fraudulent or suspicious emails, such as those impersonating colleagues, suppliers, or customers. Strengthen passwords: Establish and enforce best practices for password management, including requiring strong passwords, regular changes, and never re-using passwords across multiple accounts. This analysis was conducted in December 2024 using data from companies listed on Forbes Global 2000. To learn more about DMARC, visit: https://www.proofpoint.com/au/threat-reference/dmarc Hashtag: #Proofpoint The issuer is solely responsible for the content of this announcement. About Proofpoint, Inc. Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organisations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Leading organisations of all sizes, including 85 percent of the Fortune 100, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web. More information is available at www.proofpoint.com. Connect with Proofpoint: X | LinkedIn | Facebook | YouTube Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.

Protective measures against email fraud remain widely insufficient among leading Asia Pacific companies. Australia’s high adoption rate of proper email authentication (71%) among its top companies sets the standard for the Asia Pacific region Around 50% of leading Singapore and India’s businesses have implemented the recommended level of email authentication Concerningly, less than 20% of the largest organisations in Japan, South Korea, China and Thailand are actively protecting their customers against phishing SINGAPORE – Media OutReach Newswire – 21 February 2025 – Proofpoint, Inc., a leading cybersecurity and compliance company, today released new research on a worrying gap among top organisations across the Asia Pacific with only 12% having implemented the recommended and most stringent level of email authentication. In 2024, phishing attacks surged significantly, increasing nearly 60% year-over-year. This dramatic increase underscores the critical need for proper implementation of email authentication, which prevents cyber criminals from spoofing organisations’ identities thus reducing the risk of email fraud. These findings are based on an analysis of the Domain-based Message Authentication, Reporting and Conformance (DMARC), a widely-adopted email validation protocol records of Asia Pacific companies listed on the Forbes Global 2000. DMARC protects domain names from being misused by malicious actors by authenticating the sender’s identity before an email reaches its intended destination. This authentication system detects and prevents domain spoofing, a common phishing technique. DMARC has three levels of protection – monitor, quarantine, and reject, with reject being the most secure for preventing suspicious emails from reaching users’ inboxes. “Email remains the most common and critical threat vector across industries. It’s encouraging that many leading companies in Asia Pacific have taken proactive steps to protect their customers from email fraud,” said George Lee, Senior Vice President of Asia Pacific and Japan at Proofpoint. “However, the rising frequency, sophistication, and cost of cyberattacks make it especially concerning that many remain highly vulnerable, exposing them to significant risks from malicious email-based threats such as phishing. Prioritising robust cybersecurity measures is essential to safeguard against these threats and protect customers’ valuable data.” Proofpoint’s research shows that DMARC adoption in the Asia Pacific region is mostly lower compared to the US and UK, placing organisations and their customers at risk. While Australia leads in email authentication DMARC enforcement, Japan, South Korea and Thailand lag, leaving businesses exposed to escalating email fraud, including business email compromise (BEC) and phishing. Key findings of Proofpoint’s DMARC analysis across key Asia Pacific markets include: Australia: 71% of the top Australian companies have implemented DMARC at the recommended levels (reject). All the top Australian companies being studied have a DMARC record. Singapore: 46.2% of companies analysed have DMARC set to reject. Yet 23.1% do not have any DMARC record and are wide open to email fraud and domain spoofing attacks. India: 50% of the top Indian organisations implemented the highest level of DMARC (reject), with 30.9% utilising quarantine and 11.8% having no DMARC record at all. Japan: Only 7.4% of top Japanese companies have a DMARC policy of reject in place. 65.6% of companies are at the monitor level, gathering data but offering no active protection South Korea: Only 1.8% have implemented DMARC at the quarantine level with none at the reject level, and 51.8% having no DMARC record at all. Thailand: 17.6% have a reject policy in place to block unqualified emails, while 17.6% of companies implemented quarantine and 52.9% at the monitor level still. China: Only 4.2% of top Chinese companies have the strictest level of DMARC in place. A startling 71.8% do not use any DMARC protection at all. Major Providers and Compliance Mandates Push for DMARC Adoption Major email providers are making moves to force companies to catch up and use email authentication. Some highly-publicised examples include the October 2023 announcements from Google, Yahoo and Apple around mandatory email authentication requirements (including DMARC) for bulk senders sending emails to Gmail, Yahoo and iCloud accounts. This aims to significantly reduce spam and fraudulent emails hitting their customers’ inboxes. In addition, organisations that store consumer payment information must comply with the Payment Card Industry Data Security Standard (PCI-DSS) or risk paying hefty fines for violations. The latest PCI DSS (v4.0.1) will require companies to use DMARC to protect credit card data by March 31, 2025. Proofpoint recommends that organisations follow these best practices: Implement DMARC: Protect your domain from impersonation by implementing DMARC and enforcing it at the reject level. Seek expert assistance if needed to avoid blocking legitimate emails. Educate employees: Train staff on how to identify and avoid potentially fraudulent or suspicious emails, such as those impersonating colleagues, suppliers, or customers. Strengthen passwords: Establish and enforce best practices for password management, including requiring strong passwords, regular changes, and never re-using passwords across multiple accounts. This analysis was conducted in December 2024 using data from companies listed on Forbes Global 2000. To learn more about DMARC, visit: https://www.proofpoint.com/au/threat-reference/dmarc Hashtag: #Proofpoint The issuer is solely responsible for the content of this announcement. About Proofpoint, Inc. Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organisations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Leading organisations of all sizes, including 85 percent of the Fortune 100, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web. More information is available at www.proofpoint.com. Connect with Proofpoint: X | LinkedIn | Facebook | YouTube Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.

SINGAPORE – Media OutReach Newswire – 21 February 2025 – Lussocitta, a luxury bag retailer based in Singapore, announces its partnership with iShopChangi, Changi Airport’s online shopping platform. This collaboration makes Lussocitta the sole multi-brand seller on the platform, offering a selection of brand-name bags at competitive prices, with added customer benefits. Lussocitta is partnering with iShopChangi Exclusive Offerings on iShopChangi Founded in 2009, Lussocitta has built its presence by offering a wide range of luxury bags through its online platform, featuring brands such as Gucci, Coach, Kate Spade, Marc Jacobs, and more. Through its partnership with iShopChangi, the e-commerce shopping platform of Changi Airport, Lussocitta aims to extend its reach and make luxury fashion more accessible to a broader audience. A key advantage of this collaboration is that customers can enjoy greater savings without compromising on quality. Shoppers on iShopChangi will have the opportunity to use time-limited promotional codes and access exclusive deals on selected luxury handbags and accessories. Customers will also earn Changi Rewards points with every purchase on iShopChangi, which can be used to offset future purchases, adding value to their overall experience. Beyond these savings, customers can shop with confidence, knowing that all products are sourced directly from official channels, guaranteeing authenticity and premium quality. Lussocitta remains committed to transparent shopping practices, including clear return policies, providing customers with confidence in their purchases. A Vision for Growth The partnership aligns with Lussocitta’s goal of expanding its market across Southeast Asia. By leveraging iShopChangi’s platform, Lussocitta can reach a broader audience of customers, offering them convenient access to luxury fashion. The collaboration provides an opportunity to enhance the shopping experience for consumers by offering competitive pricing and exclusive discounts on brand-name bags and accessories. Together, Lussocitta and iShopChangi aim to reinforce their shared commitment to providing a seamless and reliable shopping journey for all customers. Hashtag: #Lussocitta https://www.lussocitta.com/https://www.facebook.com/lussocittasg/https://www.instagram.com/lussocittasg/?hl=en The issuer is solely responsible for the content of this announcement. About Lussocitta Founded in 2009, Lussocitta is a Singapore-based luxury bag retailer offering a curated selection of designer handbags from popular brands, all in a single platform. With a focus on authenticity and ethical sourcing, Lussocitta provides a seamless online shopping experience, ensuring customers access to high-quality products backed by a commitment to responsible business practices.

SINGAPORE – Media OutReach Newswire – 21 February 2025 – Lussocitta, a luxury bag retailer based in Singapore, announces its partnership with iShopChangi, Changi Airport’s online shopping platform. This collaboration makes Lussocitta the sole multi-brand seller on the platform, offering a selection of brand-name bags at competitive prices, with added customer benefits. Lussocitta is partnering with iShopChangi Exclusive Offerings on iShopChangi Founded in 2009, Lussocitta has built its presence by offering a wide range of luxury bags through its online platform, featuring brands such as Gucci, Coach, Kate Spade, Marc Jacobs, and more. Through its partnership with iShopChangi, the e-commerce shopping platform of Changi Airport, Lussocitta aims to extend its reach and make luxury fashion more accessible to a broader audience. A key advantage of this collaboration is that customers can enjoy greater savings without compromising on quality. Shoppers on iShopChangi will have the opportunity to use time-limited promotional codes and access exclusive deals on selected luxury handbags and accessories. Customers will also earn Changi Rewards points with every purchase on iShopChangi, which can be used to offset future purchases, adding value to their overall experience. Beyond these savings, customers can shop with confidence, knowing that all products are sourced directly from official channels, guaranteeing authenticity and premium quality. Lussocitta remains committed to transparent shopping practices, including clear return policies, providing customers with confidence in their purchases. A Vision for Growth The partnership aligns with Lussocitta’s goal of expanding its market across Southeast Asia. By leveraging iShopChangi’s platform, Lussocitta can reach a broader audience of customers, offering them convenient access to luxury fashion. The collaboration provides an opportunity to enhance the shopping experience for consumers by offering competitive pricing and exclusive discounts on brand-name bags and accessories. Together, Lussocitta and iShopChangi aim to reinforce their shared commitment to providing a seamless and reliable shopping journey for all customers. Hashtag: #Lussocitta https://www.lussocitta.com/https://www.facebook.com/lussocittasg/https://www.instagram.com/lussocittasg/?hl=en The issuer is solely responsible for the content of this announcement. About Lussocitta Founded in 2009, Lussocitta is a Singapore-based luxury bag retailer offering a curated selection of designer handbags from popular brands, all in a single platform. With a focus on authenticity and ethical sourcing, Lussocitta provides a seamless online shopping experience, ensuring customers access to high-quality products backed by a commitment to responsible business practices.

SINGAPORE – Media OutReach Newswire – 21 February 2025 – Lussocitta, a luxury bag retailer based in Singapore, announces its partnership with iShopChangi, Changi Airport’s online shopping platform. This collaboration makes Lussocitta the sole multi-brand seller on the platform, offering a selection of brand-name bags at competitive prices, with added customer benefits. Lussocitta is partnering with iShopChangi Exclusive Offerings on iShopChangi Founded in 2009, Lussocitta has built its presence by offering a wide range of luxury bags through its online platform, featuring brands such as Gucci, Coach, Kate Spade, Marc Jacobs, and more. Through its partnership with iShopChangi, the e-commerce shopping platform of Changi Airport, Lussocitta aims to extend its reach and make luxury fashion more accessible to a broader audience. A key advantage of this collaboration is that customers can enjoy greater savings without compromising on quality. Shoppers on iShopChangi will have the opportunity to use time-limited promotional codes and access exclusive deals on selected luxury handbags and accessories. Customers will also earn Changi Rewards points with every purchase on iShopChangi, which can be used to offset future purchases, adding value to their overall experience. Beyond these savings, customers can shop with confidence, knowing that all products are sourced directly from official channels, guaranteeing authenticity and premium quality. Lussocitta remains committed to transparent shopping practices, including clear return policies, providing customers with confidence in their purchases. A Vision for Growth The partnership aligns with Lussocitta’s goal of expanding its market across Southeast Asia. By leveraging iShopChangi’s platform, Lussocitta can reach a broader audience of customers, offering them convenient access to luxury fashion. The collaboration provides an opportunity to enhance the shopping experience for consumers by offering competitive pricing and exclusive discounts on brand-name bags and accessories. Together, Lussocitta and iShopChangi aim to reinforce their shared commitment to providing a seamless and reliable shopping journey for all customers. Hashtag: #Lussocitta https://www.lussocitta.com/https://www.facebook.com/lussocittasg/https://www.instagram.com/lussocittasg/?hl=en The issuer is solely responsible for the content of this announcement. About Lussocitta Founded in 2009, Lussocitta is a Singapore-based luxury bag retailer offering a curated selection of designer handbags from popular brands, all in a single platform. With a focus on authenticity and ethical sourcing, Lussocitta provides a seamless online shopping experience, ensuring customers access to high-quality products backed by a commitment to responsible business practices.

SINGAPORE – Media OutReach Newswire – 21 February 2025 – Lussocitta, a luxury bag retailer based in Singapore, announces its partnership with iShopChangi, Changi Airport’s online shopping platform. This collaboration makes Lussocitta the sole multi-brand seller on the platform, offering a selection of brand-name bags at competitive prices, with added customer benefits. Lussocitta is partnering with iShopChangi Exclusive Offerings on iShopChangi Founded in 2009, Lussocitta has built its presence by offering a wide range of luxury bags through its online platform, featuring brands such as Gucci, Coach, Kate Spade, Marc Jacobs, and more. Through its partnership with iShopChangi, the e-commerce shopping platform of Changi Airport, Lussocitta aims to extend its reach and make luxury fashion more accessible to a broader audience. A key advantage of this collaboration is that customers can enjoy greater savings without compromising on quality. Shoppers on iShopChangi will have the opportunity to use time-limited promotional codes and access exclusive deals on selected luxury handbags and accessories. Customers will also earn Changi Rewards points with every purchase on iShopChangi, which can be used to offset future purchases, adding value to their overall experience. Beyond these savings, customers can shop with confidence, knowing that all products are sourced directly from official channels, guaranteeing authenticity and premium quality. Lussocitta remains committed to transparent shopping practices, including clear return policies, providing customers with confidence in their purchases. A Vision for Growth The partnership aligns with Lussocitta’s goal of expanding its market across Southeast Asia. By leveraging iShopChangi’s platform, Lussocitta can reach a broader audience of customers, offering them convenient access to luxury fashion. The collaboration provides an opportunity to enhance the shopping experience for consumers by offering competitive pricing and exclusive discounts on brand-name bags and accessories. Together, Lussocitta and iShopChangi aim to reinforce their shared commitment to providing a seamless and reliable shopping journey for all customers. Hashtag: #Lussocitta https://www.lussocitta.com/https://www.facebook.com/lussocittasg/https://www.instagram.com/lussocittasg/?hl=en The issuer is solely responsible for the content of this announcement. About Lussocitta Founded in 2009, Lussocitta is a Singapore-based luxury bag retailer offering a curated selection of designer handbags from popular brands, all in a single platform. With a focus on authenticity and ethical sourcing, Lussocitta provides a seamless online shopping experience, ensuring customers access to high-quality products backed by a commitment to responsible business practices.