ObserveIT Insider Threat Management Platform

Security Brief: More than 90% of Global Airlines Exposed to Email Fraud Risk

Share with your network!

The COVID-19 pandemic saw international travel halted and while many regions are still unable to travel, a number of countries worldwide are slowly ungrounding their airlines.

While the travel sector has always been a rife target for cyber criminals, the pandemic has offered new grounds for the targeting of travellers globally. Whether booking new flights, or seeking information on flight cancellations, one thing remains the same: many people worldwide are eagerly awaiting communication from airlines.

Worryingly, at a time when opportunistic cyber criminals may look to take advantage of such global uncertainty, the majority of international airlines are leaving their customers exposed to email fraud.

In an examination of the 296 member airlines of the International Air Transport Association (IATA), Proofpoint uncovered that 61 percent of these organizations do not have a published DMARC (Domain-based Message Authentication, Reporting & Conformance) record, making them potentially more susceptible to cybercriminals spoofing their identity and increasing the risk of email fraud targeting consumers. IATA member airlines represent 82 percent of total air traffic and the association itself does have a full DMARC 'reject' policy in place.

Further, a massive 93 percent of the global airlines have not implemented the strictest and recommended level of DMARC protection. That setting and policy is known as “Reject” and actually blocks fraudulent emails from reaching their intended target. This means that only 7 percent are proactively blocking fraudulent emails from reaching their customers’ inboxes.

DMARC, which is an email validation protocol designed to protect domain names from being misused by cybercriminals, authenticates the sender’s identity before allowing the message to reach its intended designation. It verifies that the purported domain of the sender has not been impersonated and relies on the established DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework) standards to ensure the email is not spoofing the trusted domain.

An international issue

Overall, major global carriers are failing to implement adequate email protection – leaving themselves open to phishing, impersonation attacks and other unauthorized use of corporate domains. This is despite email remaining the number one threat vector for cybercriminals.

That said, adoption levels differ from region to region. Out of the regions classified by IATA, China & North Asia has the lowest level of DMARC adoption, with 85 percent having no published policy at all, therefore no visibility into unauthorized use of their domains. This is followed by Asia Pacific (70 percent), Europe and Middle East & Africa (both regions at 57 percent) and The Americas (43 percent).

When it comes to proactively protecting their customers against email fraud, China & North Asia fares the worst with 100 percent of its carriers not having the strictest DMARC policy in place (Reject). This is followed by Europe and Middle East & Africa (both regions at 93 percent), and APAC and The Americas (both at 89 percent).

Airlines DMARC

It is critically important that the communication methods used by airlines and every other industry is secure. We recommend implementing robust email defences and inbound threat blocking capabilities (including deploying DMARC email authentication protocols).

For more information on DMARC, email fraud, and Proofpoint’s email security solutions, please visit: https://www.proofpoint.com/us/products/email-protection. And for more information on how to get started with DMARC, please visit: https://www.proofpoint.com/us/resources/white-papers/getting-started-with-dmarc.