Email scams target holiday bookings: How UAE travel sites are fighting back
85% of UAE travel brands now use DMARC email security to protect holidaymakers from scams
Dubai: As the UAE’s travel industry booms, with demand skyrocketing and holidaymakers flocking to book their getaways, one of the biggest threats to their plans comes not from travel delays, but from cybercriminals.
US-based cybersecurity firm Proofpoint revealed 85% of the UAE’s top online travel brands have implemented DMARC (Domain-based Message Authentication, Reporting & Conformance), an email security protocol designed to block fraudulent emails.
But while this is a positive step, there's still work to be done to fully protect holidaymakers.
What is DMARC, why it matters
DMARC is a key defense against email fraud, allowing businesses to authenticate their emails and ensure they are sent only from legitimate sources. It is widely used by travel brands to protect customers from phishing attempts — fraudulent emails impersonating trusted companies.
These emails often lead to scams such as fake booking confirmations, fraudulent flight changes, or "too-good-to-be-true" deals that steal personal information and money. Despite its importance, the study revealed a gap in adoption.
While 85% of the UAE’s leading travel sites have implemented DMARC, only 45% are using the highest security level, known as “reject”, which actively blocks malicious emails. Without this level of enforcement, a large proportion of emails from these sites may still be vulnerable to cybercriminal manipulation.
Growing threat of email fraud
Email scams during peak booking periods are more than just a minor nuisance — they are a real risk to travellers and businesses. According to recent findings, a surge in digital bookings has turned the UAE travel sector into a prime target for hackers.
With 77% of UAE travellers using mobile apps or online booking services, the volume of emails and offers from travel companies has also increased. This creates a perfect storm for scammers, as the number of unsolicited emails offering discounts or fake confirmations rises exponentially.
Matt Cooke, cybersecurity strategist at Proofpoint, emphasises the urgency of implementing stronger email security measures: “Fraudulent booking confirmations, fake offers, and urgent requests for payment are all too common during peak holiday seasons. This makes travellers prime targets for cybercriminals looking to exploit vulnerabilities.”
UAE leads, but more can be done
While the UAE is leading the way with email security in comparison to other regions, there’s still room for improvement. The research shows that 85% of UAE’s top 20 travel sites have adopted DMARC, a higher percentage than their counterparts in Europe. However, when it comes to enforcing the highest level of protection — "reject" — only 45% of UAE sites have fully implemented this measure. This leaves the remaining 55% of travel brands vulnerable to email fraud, a significant concern considering the financial value of holiday bookings.
In comparison, 88% of European and Middle Eastern travel sites have adopted basic DMARC records, but only 46% of those are using the “reject” policy. The challenge is clear: while the UAE is on the right track, it’s crucial for all travel brands to take the extra step and implement the highest level of email security to protect customers.
How DMARC helps protect you
DMARC has three levels of protection — monitor, quarantine, and reject. The reject level is the most secure and ensures that fraudulent emails are actively blocked before reaching your inbox.
If more UAE travel brands implement this, the risk of falling victim to phishing attacks and other email scams will decrease significantly.
Stay safe while booking your vacation
While travel sites are doing their part, there are several steps consumers can take to protect themselves from falling prey to email fraud during the peak holiday season. Here are some simple yet effective tips:
Use strong, unique passwords: Protect your travel accounts by using unique passwords, and enable multi-factor authentication (MFA) whenever possible.
Watch out for suspicious offers: If a deal seems too good to be true, it probably is. Scammers often create fake websites or send offers via email that are designed to steal your money and credentials.
Beware of phishing emails, smishing scams: Look out for emails or SMS messages that request personal information or immediate action, such as fake flight change notifications or booking confirmations.
Don’t click on unsolicited links: Avoid clicking on suspicious links in emails or social media messages. Always type the official website address directly into your browser.
Research before you book: Before booking or downloading a new app, check for reviews and make sure the travel company is reputable. Look for customer complaints or issues with the site.
Bottom line: Cybersecurity is key
As travel continues to surge in the UAE, with more and more residents and tourists booking trips digitally, the threat of email fraud isn’t going anywhere.
While travel brands are taking important steps to protect their customers with DMARC, residents must also remain vigilant. Following simple cybersecurity best practices can help ensure that your dream vacation stays exactly that — a dream, not a nightmare.
Sign up for the Daily Briefing
Get the latest news and updates straight to your inbox
