INTELLIGENT MOBILE TECHNOLOGY
55 % UAE’ s top travel sites vulnerable to email fraud impersonation finds Proofpoint
P roofpoint released new research revealing that 85 % of the top online travel sites in UAE have adopted Domain-based Message Authentication, Reporting and Conformance, DMARC, a key email security protocol that helps protect users from email fraud. However, only 45 % of these sites have implemented it at the highest enforcement level of reject, which actively blocks unauthorised emails from reaching inboxes. The findings are based on a DMARC adoption analysis of the top 20 online travel sites in the UAE, and across Europe and the Middle East.
DMARC is an email validation protocol designed to protect domain names from being misused by cybercriminals. It authenticates the sender’ s identity before allowing a message to reach its intended destination. DMARC has three levels of protection – monitor, quarantine and reject, with reject being the most secure for preventing suspicious emails from reaching the inbox.
With travel demand in the UAE continuing to rise, a recent KPMG study found that 77 % of UAE travellers use mobile apps or hotel booking services, increasing the volume of digital interactions between consumers and travel brands.
But as consumers eagerly plan and book their getaways, this surge in activity
– coupled with a high volume of emails and promotional offers from travel companies – creates a perfect storm for cybercriminals, turning dream holidays into costly scams through sophisticated email fraud.
The UAE demonstrates stronger foundational email security adoption compared to its European counterparts, with 85 % of the top travel sites publishing a DMARC record, reflecting growing awareness of cybersecurity best practices across the country’ s travel sector.
However, there is room for improvement with only 45 % of the UAE’ s top travel sites using the policy at reject level, meaning 55 % are leaving their customers, staff, and partners more vulnerable to receiving fraudulent emails impersonating these brands.
“ Holiday bookings often represent a significant number of high-value financial transactions and bring experiences of high personal and emotional value; this combination makes travellers prime targets for cybercriminals. Attackers actively use sophisticated email fraud, especially during peak holiday season, to exploit vulnerabilities,” says Matt Cooke, cybersecurity strategist, Proofpoint.
Fake booking confirmations, too-good-tobe-true deals, and urgent payment requests for supposed flight changes are common tactics. These fraudulent communications
Matt Cooke, Cybersecurity Strategist, Proofpoint
can appear highly convincing, putting travellers’ finances and personal data at risk.
“ Travel companies bear a social responsibility to do everything they can to stop convincing scam emails being sent in their name, to holidaymakers,” continues Cooke.
Implementing DMARC technology to its fullest level of reject allows travel companies to massively reduce the risk of that happening, protecting both their brand and all of the holidaymakers at the same time.
Proofpoint advises consumers to follow these tips to stay safe when booking and managing travel online. Use strong, unique passwords for travel accounts and booking sites. Enable multi-factor authentication, MFA wherever possible to add an extra layer of security. Watch out for fake travel deals – and websites. Be wary of unsolicited offers that seem too good to be true. •
50 50 www. intelligenttechchannels. com