Airline DMARC Policies Lag, Opening Flyers to Email Fraud

More than half of global airlines do not have DMARC policies in place, opening their customers up to email fraud attacks, a new report found.

DMARC (Domain-based Message Authentication, Reporting & Conformance) is considered the industry standard for email authentication to prevent attackers from sending mails with counterfeit addresses. It does so by authenticating the sender’s identity before allowing the message to reach its intended designation – and verifying that the purported domain of the sender has not been impersonated.

In a study of 296 member airlines of the International Air Transport Association (IATA), researchers with Proofpoint found that 61 percent have no published DMARC record in place, meaning they have no visibility into unauthorized use of their domains – and therefore into fraudulent emails claiming to be from them.

Read more…
Source: ThreatPost