Airline DMARC Policies Lag, Opening Flyers to Email Fraud

Up to 61 percent out of the IATA (International Air Transport Association) airline members do not have a published DMARC record.

Up to 61 percent out of the IATA (International Air Transport Association) airline members do not have a published DMARC record.

More than half of global airlines do not have DMARC policies in place, opening their customers up to email fraud attacks, a new report found.

DMARC (Domain-based Message Authentication, Reporting & Conformance) is considered the industry standard for email authentication to prevent attackers from sending mails with counterfeit addresses. It does so by authenticating the sender’s identity before allowing the message to reach its intended designation – and verifying that the purported domain of the sender has not been impersonated.

In a study of 296 member airlines of the International Air Transport Association (IATA), researchers with Proofpoint found that 61 percent have no published DMARC record in place, meaning they have no visibility into unauthorized use of their domains – and therefore into fraudulent emails claiming to be from them.

“Overall, major global carriers are failing to implement adequate email protection – leaving themselves open to phishing, impersonation attacks and other unauthorized use of corporate domains. This is despite email remaining the number one threat vector for cybercriminals,” according to Adenike Cosgrove with Proofpoint in a Tuesday report.

vulnerabilities web security airlines dmarc security

Top Web & Mobile Application Development Company in India & USA. We specialize in Golang, Ruby on Rails, Symfony, Laravel PHP, Python, Angular, Mobile Apps, Blockchain, & Chatbots

At [email protected], Luta Security CEO Katie Moussouris stressed that bug bounty programs aren't a 'silver bullet' for security teams.

Here is a list of seven key elements that should be considered in your web app security strategy. Web Application Security has been one of the most significant parts when it comes to web app development.

Due to rising customer demands and rapid, feature-driven development, security often takes the backseat and vulnerabilities are introduced…

Attackers could have exploited various flaws in OkCupid's mobile app and webpage to steal victims' sensitive data and even send messages out from their profiles.