Proofpoint, released a research identifying that only 17% of hotel brands in Dubai have implemented the recommended and strictest level of Domain-based Message Authentication, Reporting and Conformance protection, which prevents cybercriminals from spoofing their identity and reduces the risk of email fraud. This may leave travellers visiting Dubai open to email fraud from 83% of the hotel chains.
Despite this, encouragingly, the analysis revealed that almost two-thirds of the hotel brands analysed have taken initial steps to protect their customers from email fraud, with 63% publishing a DMARC record.
The lack of a DMARC record makes companies potentially more susceptible to cyber criminals spoofing their identity and increasing the risk of email fraud targeting their customers. Reject is the strictest and recommended level of DMARC protection, a setting and policy that blocks fraudulent emails from reaching their intended target.
Emile Abou Saleh, Regional Director, Middle East and Africa at Proofpoint, said: “The hospitality sector has worked hard to build consumer confidence in the aftermath of COVID-19, rigorously implementing health and safety protocols and accelerating technology adoption to improve the guest experience. However, as our research shows, a majority of hotel brands in Dubai could be doing more to prioritise cybersecurity and ensure their customers are less vulnerable to email fraud. This is crucial given that email remains the number one threat vector for cybercriminals.”
The UAE and Dubai’s hospitality industry is preparing for surging demand, amidst lifting of travel curbs from the US, UK, and Saudi Arabia, and the start of six-month Expo 2020 in early October 2021. Sensing a prime opportunity from increased demand, cybercriminals may capitalise on the potential increase in email communications to try and trick hotel guests with phishing emails.
DMARC, which is an email validation protocol designed to protect domain names from being misused by cybercriminals, authenticates the sender’s identity before allowing the message to reach its intended designation. It verifies that the purported domain of the sender has not been impersonated and relies on the established DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework) standards to ensure the email is not spoofing the trusted domain.
“While hotels have started to implement smart technology solutions to elevate the guest experience and offer personalized services, they should also prioritize deploying adequate email protection and inbound threat blocking capabilities (including deploying DMARC email authentication protocols) to make the hospitality experience better for all,” concluded Emile Abou Saleh.
The Proofpoint research covered all major hotel brands with a presence in Dubai and used the master corporate domain for each brand for the analysis.