Tourism Breaking News
Proofpoint, Inc., a leading cybersecurity and compliance company released new research revealing that 85% of the top online travel sites* in the UAE have adopted Domain-based Message Authentication, Reporting and Conformance (DMARC), a key email security protocol that helps protect users from email fraud. However, only 45% of these sites have implemented it at the highest enforcement level of “reject,” which actively blocks unauthorised emails from reaching inboxes. The findings are based on a DMARC adoption analysis of the top 20 online travel sites in the UAE, and across Europe and the Middle East. DMARC is an email validation protocol designed to protect domain names from being misused by cybercriminals. It authenticates the sender’s identity before allowing a message to reach its intended destination. DMARC has three levels of protection – monitor, quarantine and reject, with reject being the most secure for preventing suspicious emails from reaching the inbox. With travel demand in the UAE continuing to rise, a recent KPMG study found that 77% of UAE travellers use mobile apps or hotel booking services, increasing the volume of digital interactions between consumers and travel brands. But as consumers eagerly plan and book their getaways, this surge in activity – coupled with a high volume of emails and promotional offers from travel companies – creates a perfect storm for cybercriminals, turning dream holidays into costly scams through sophisticated email fraud.
Key findings include:
• The UAE demonstrates stronger foundational email security adoption compared to its European counterparts, with 85% of the top travel sites publishing a DMARC record, reflecting growing awareness of cybersecurity best practices across the country’s travel sector.
• However, there is room for improvement with only 45% of the UAE’s top travel sites using the policy at “reject” level, meaning 55% are leaving their customers, staff, and partners more vulnerable to receiving fraudulent emails impersonating these brands.
• On average, 88% of the top travel websites across Europe and the Middle East have published a basic DMARC record. However, only 46% of all travel sites analysed are at reject, meaning 54% of the top travel sites across the regions are leaving customers at risk of email fraud.
“Holiday bookings often represent a significant number of high-value financial transactions and bring experiences of high personal and emotional value; this combination makes travellers prime targets for cybercriminals. Attackers actively use sophisticated email fraud, especially during peak holiday season, to exploit vulnerabilities,” says Matt Cooke, cybersecurity strategist, Proofpoint. “Fake booking confirmations, too-good-to-be-true deals, and urgent payment requests for supposed flight changes are common tactics. These fraudulent communications can appear highly convincing, putting travellers’ finances and personal data at risk.”
“Travel companies bear a social responsibility to do everything they can to stop convincing scam emails being sent in their name, to holidaymakers,” continues Cooke. “Implementing DMARC technology to its fullest level of ‘reject’ allows travel companies to massively reduce the risk of that happening, protecting both their brand and all of the holidaymakers at the same time., it’s a win-win.”
Proofpoint advises consumers to follow these tips to stay safe when booking and managing travel online:
1. Secure your bookings – and your accounts. Use strong, unique passwords for travel accounts and booking sites. Enable multi-factor authentication (MFA) wherever possible to add an extra layer of security.
2. Watch out for fake travel deals – and websites. Be wary of unsolicited offers that seem too good to be true. Scammers create convincing fake websites for airlines, hotels, or comparison sites to steal money and credentials. Always book through official sites or reputable, verified agents.
3. Navigate away from phishing trips – and smishing scams. Stay alert to phishing emails or smishing (SMS phishing) messages regarding flight changes, booking confirmations, or visa applications that demand urgent action or personal details. These often lead to fake login pages designed to capture your information.
4. Don’t get detoured by suspicious links. Avoid clicking directly on links in unsolicited emails, social media messages, or pop-up ads, especially for special offers or urgent alerts. Instead, type the official website address directly into your browser.
5. Check reviews before You book. Fraudulent travel offers, websites, and apps can look deceptively genuine. Before providing payment details or downloading a new travel app, invest time in researching the company, reading independent online reviews, and checking for customer complaints.
