Skip to main content

Major airlines fail to block fraudulent emails

Email warning
(Image credit: Shutterstock)

As travelers wait to hear back from airlines about new flights now that travel bans are being lifted, new research from Proofpoint has revealed the majority of international airlines are leaving their customers exposed to email fraud.

Although the travel sector has always been a potential target for cyberattacks, the pandemic has provided cybercriminals with new opportunities to target global travelers.

In its examination of the 296 member airlines of the International Air Transport Association (IATA), Proofpoint discovered that more than half (61%) of these organizations do not have a published DMARC (Domain-based Message Authentication, Reporting & Conformance) record. This makes these airlines potentially more susceptible to cybercriminals spoofing their identity which increases the risk that their customers will be targeted in email fraud attacks.

Additionally, a massive 93 percent of global airlines have not implemented the strictest and recommended level of DMARC protection. This setting and policy is known as “Reject” and it is capable of blocking fraudulent emails from reaching their intended targets. Proofpoint's research shows that only seven percent of airlines are proactively blocking fraudulent emails from reaching the inboxes of their customers.

DMARC adoption

By failing to implement adequate email protection, international airlines are leaving themselves open to phishing, impersonation attacks and other unauthorized use of corporate domains. However, DMARC adoption levels to differ from region to region.

Out of the regions classified by IATA, China & North Asia has the lowest level of DMARC adoption with 85 percent of airlines operating in the region having no published policy at all. This is followed by the Asia Pacific region (70%), EMEA (57%) and The Americas (43%).

When it comes to proactively protecting their customers against email fraud, China & North Asia fares the worst with 100 percent of its carriers not having DMARC's Reject policy in place followed by EMEA (93%) and APAC and The Americas (both at 89%).

Using strong email protection is highly recommended for all organizations as it will prevent cybercriminals from impersonating your brand and launching phishing attacks on your customers.