The COVID-19 pandemic saw international travel halted and while many regions are still unable to travel, a number of countries worldwide are slowly ungrounding their airlines.
In an examination of the 296 member airlines of the International Air Transport Association (IATA), Proofpoint uncovered that 61 percent of these organisations do not have a published DMARC (Domain-based Message Authentication, Reporting & Conformance) record, making them potentially more susceptible to cybercriminals spoofing their identity and increasing the risk of email fraud targeting consumers. IATA member airlines represent 82 percent of total air traffic.
Further, a massive 93 percent of the global airlines have not implemented the strictest and recommended level of DMARC protection. That setting and policy is known as “Reject” and actually blocks fraudulent emails from reaching their intended target. This means that only 7 percent are proactively blocking fraudulent emails from reaching their customers’ inboxes.
In the MEA region, 26 out of 61 airlines have a DMARC policy published, meaning 57 percent have no DMARC protection in place at all. However, only 4 out of 61 (7 percent) have the full recommended implementation of DMARC to protect customers from fraudulent emails spoofing their domain. That means a staggering 93 percent do not have the required security in place to prevent fraudulent attacks impersonating their domain from reaching users.
“While the travel sector has always been a rife target for cyber criminals, the pandemic has offered new grounds for the targeting of travellers globally. Whether booking new flights, or seeking information on flight cancellations, one thing remains the same: many people worldwide are eagerly awaiting communication from airlines,” said Adenike Cosgrove, Cybersecurity Strategist, International at Proofpoint. “Worryingly, at a time when opportunistic cyber criminals may look to take advantage of such global uncertainty, the majority of international airlines are leaving their customers exposed to email fraud.”
DMARC, which is an email validation protocol designed to protect domain names from being misused by cybercriminals, authenticates the sender’s identity before allowing the message to reach its intended designation. It verifies that the purported domain of the sender has not been impersonated and relies on the established DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework) standards to ensure the email is not spoofing the trusted domain.
Overall, major global carriers are failing to implement adequate email protection – leaving themselves open to phishing, impersonation attacks and other unauthorised use of corporate domains. This is despite email remaining the number one threat vector for cybercriminals.
That said, adoption levels differ from region to region. Out of the regions classified by IATA, China & North Asia has the lowest level of DMARC adoption, with 85 percent having no published policy at all, therefore no visibility into unauthorised use of their domains. This is followed by Asia Pacific (70 percent), Europe and Middle East & Africa (both regions at 57 percent) and The Americas (43 percent).
When it comes to proactively protecting their customers against email fraud, China & North Asia fares the worst with 100 percent of its carriers not having the strictest DMARC policy in place (Reject). This is followed by Europe and Middle East & Africa (both regions at 93 percent), and APAC and The Americas (both at 89 percent).
“It is critically important that the communication methods used by airlines and every other industry are secure. We recommend implementing robust email defences and inbound threat blocking capabilities (including deploying DMARC email authentication protocols),”added Cosgrove.