Please register to access this content.
To continue viewing the content you love, please sign in or create a new account
Dismiss
This content is for our paying subscribers only

Business Aviation

Majority of airlines at risk of email frauds, says Proofpoint study

That's because they still have not implemented strictest guidelines on 'domain messaging'



Easy target? Email frauds have become widespread when it comes to targetting susceptible travellers opening emails that are purportedly from airlines.
Image Credit: Gulf News Archive

A majority of global airlines - 61 per cent - are susceptible to email-based cyber attacks because they don't have the correct email authentication protocol.

The absence of 'DMARC' - or Domain-based Message Authentication, Reporting & Conformance - means airlines run the risk of cybercriminals spoofing their identity. This also increases the risk of email frauds targeting consumers, according to Cyber security firm Proofpoint.

Cyber criminals are taking advantage of the airline industry’s current situation to unleash phishing emails that promise customers flight tickets, credits, and refunds.

See More

On the attack

“While the travel sector has always been a rife target for cyber criminals, the pandemic has offered new grounds for the targeting of travellers globally," said Adenike Cosgrove, Cybersecurity Strategist, International at Proofpoint. "Whether booking new flights, or seeking information on flight cancellations, one thing remains the same: many people worldwide are eagerly awaiting communication from airlines.”

Advertisement

The report adds that 93 per cent of the global airlines have not implemented the strictest and recommended level of DMARC protection. That setting and policy is known as “Reject” and actually blocks fraudulent emails from reaching their intended target.

Laxness

In the Middle East and Africa, 26 out of 61 airlines have a DMARC policy published and only 4 out of 61 have the full recommended implementation of the protocol.

Major global carriers are failing to implement adequate email protection – leaving themselves open to phishing, impersonation attacks and other unauthorized use of corporate domains. This is despite email remaining the number one threat vector for cybercriminals.

“Worryingly, at a time when opportunistic cyber criminals may look to take advantage of such global uncertainty, the majority of international airlines are leaving their customers exposed to email fraud,” said Cosgrove.

Advertisement