Email scams target holiday bookings: How UAE travel sites are fighting back

Dubai: As the UAE’s travel industry booms, with demand skyrocketing and holidaymakers flocking to book their getaways, one of the biggest threats to their plans comes not from travel delays, but from cybercriminals.

US-based cybersecurity firm Proofpoint revealed 85% of the UAE’s top online travel brands have implemented DMARC (Domain-based Message Authentication, Reporting & Conformance), an email security protocol designed to block fraudulent emails.

But while this is a positive step, there's still work to be done to fully protect holidaymakers.

DMARC is a key defense against email fraud, allowing businesses to authenticate their emails and ensure they are sent only from legitimate sources. It is widely used by travel brands to protect customers from phishing attempts — fraudulent emails impersonating trusted companies.

These emails often lead to scams such as fake booking confirmations, fraudulent flight changes, or "too-good-to-be-true" deals that steal personal information and money. Despite its importance, the study revealed a gap in adoption.

While 85% of the UAE’s leading travel sites have implemented DMARC, only 45% are using the highest security level, known as “reject”, which actively blocks malicious emails. Without this level of enforcement, a large proportion of emails from these sites may still be vulnerable to cybercriminal manipulation.

Email scams during peak booking periods are more than just a minor nuisance — they are a real risk to travellers and businesses. According to recent findings, a surge in digital bookings has turned the UAE travel sector into a prime target for hackers.

With 77% of UAE travellers using mobile apps or online booking services, the volume of emails and offers from travel companies has also increased. This creates a perfect storm for scammers, as the number of unsolicited emails offering discounts or fake confirmations rises exponentially.

Matt Cooke, cybersecurity strategist at Proofpoint, emphasises the urgency of implementing stronger email security measures: “Fraudulent booking confirmations, fake offers, and urgent requests for payment are all too common during peak holiday seasons. This makes travellers prime targets for cybercriminals looking to exploit vulnerabilities.”

While the UAE is leading the way with email security in comparison to other regions, there’s still room for improvement. The research shows that 85% of UAE’s top 20 travel sites have adopted DMARC, a higher percentage than their counterparts in Europe. However, when it comes to enforcing the highest level of protection — "reject" — only 45% of UAE sites have fully implemented this measure. This leaves the remaining 55% of travel brands vulnerable to email fraud, a significant concern considering the financial value of holiday bookings.

In comparison, 88% of European and Middle Eastern travel sites have adopted basic DMARC records, but only 46% of those are using the “reject” policy. The challenge is clear: while the UAE is on the right track, it’s crucial for all travel brands to take the extra step and implement the highest level of email security to protect customers.

DMARC has three levels of protection — monitor, quarantine, and reject. The reject level is the most secure and ensures that fraudulent emails are actively blocked before reaching your inbox.

If more UAE travel brands implement this, the risk of falling victim to phishing attacks and other email scams will decrease significantly.

While travel sites are doing their part, there are several steps consumers can take to protect themselves from falling prey to email fraud during the peak holiday season. Here are some simple yet effective tips:

As travel continues to surge in the UAE, with more and more residents and tourists booking trips digitally, the threat of email fraud isn’t going anywhere.

While travel brands are taking important steps to protect their customers with DMARC, residents must also remain vigilant. Following simple cybersecurity best practices can help ensure that your dream vacation stays exactly that — a dream, not a nightmare.