Only 17 percent of hotel brands in Dubai have implemented the recommended and strictest level of DMARC (Domain-based Message Authentication, Reporting & Conformance) protection, which prevents cybercriminals from spoofing their identity and reduces the risk of email fraud, according to a study released by Proofpoint, Inc. Travelers visiting Dubai may be vulnerable to email fraud from 83 percent of hotel chains.
Emile Abou Saleh, Regional Director, Middle East and Africa at Proofpoint, said: “The hospitality sector has worked hard to build consumer confidence in the aftermath of COVID-19, rigorously implementing health and safety protocols and accelerating technology adoption to improve the guest experience. However, as our research shows, a majority of hotel brands in Dubai could be doing more to prioritize cybersecurity and ensure their customers are less vulnerable to email fraud. This is crucial given that email remains the number one threat vector for cybercriminals.”
Despite this, the study found that over two-thirds of the hotel brands studied have taken preliminary steps to safeguard their consumers from email fraud, with 63% publishing a DMARC record.
Without a DMARC record, businesses are more vulnerable to fraudsters faking their identities, potentially raising the risk of email fraud targeting their consumers. The strictest and most recommended level of DMARC protection is Reject, which is a configuration and policy that prevents fraudulent emails from reaching their intended recipient.
With the relaxation of travel restrictions from the United States, the United Kingdom, and Saudi Arabia, and the start of the six-month Expo 2020 in early October 2021, the UAE and Dubai’s hospitality industries are bracing for increased demand. Cybercriminals may take advantage of the probable rise in email exchanges to try to deceive hotel visitors with phishing emails, seeing a golden opportunity from increased demand.
“While hotels have started to implement smart technology solutions to elevate the guest experience and offer personalized services, they should also prioritize deploying adequate email protection and inbound threat blocking capabilities (including deploying DMARC email authentication protocols) to make the hospitality experience better for all,”concluded Emile Abou Saleh.
DMARC is an email validation system that verifies the sender’s identity before enabling the message to reach its intended recipient. It was created to prevent domain names from being misused by cybercriminals. It validates that the sender’s alleged domain has not been impersonated, relying on the established DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework) standards to verify that the email does not spoof the trusted domain.
The Proofpoint study looked at all major hotel brands with a presence in Dubai and analyzed each brand’s master corporate domain.