Dubai, UAE — The UAE’s travel sector has strengthened its defences against email fraud ahead of the peak summer booking season, although more than half of the country’s leading travel websites still lack the highest level of protection against phishing attacks, cybersecurity company Proofpoint said.
A study by Proofpoint found that 95% of the UAE’s top 20 online travel websites had adopted Domain-based Message Authentication, Reporting and Conformance (DMARC), an email authentication standard designed to prevent cybercriminals from impersonating trusted brands. That compares with 85% a year earlier.
The findings come as travel demand rebounds following months of regional disruption that affected air traffic across parts of the Middle East. With airspace restrictions largely lifted and travel bookings gathering pace ahead of the summer holiday season, cybersecurity experts have warned that fraudsters may seek to exploit increased online activity.
DMARC helps organisations verify whether emails claiming to come from a company’s domain are legitimate. At its strictest “reject” setting, fraudulent emails are blocked before reaching recipients’ inboxes.
Proofpoint said 45% of the travel websites surveyed were operating at the reject level, up from previous years, but 55% had yet to implement the strongest protection setting.
“The progress is real, but moving to reject-level enforcement remains the most direct action a travel brand can take to protect its customers and its reputation,” Kenan Abu Ltaif, Proofpoint’s regional lead for the Middle East and Turkey, said in a statement.
According to the study, the increase in DMARC adoption reflects growing awareness among travel companies of the need to protect customers, employees and business partners from phishing, spoofing and other forms of email-based fraud.
Cybersecurity experts have long warned that the travel sector is a frequent target for online scams, particularly during holiday booking periods when consumers are more likely to receive confirmations, itinerary changes and payment requests by email.
Proofpoint advised travellers to use strong passwords, enable multi-factor authentication, verify travel deals through official channels and avoid clicking links contained in unsolicited emails.
The analysis was conducted in May 2026 and covered the UAE’s 20 most-visited travel websites, identified using data from digital marketing platform SEMrush.
