Contact Emirates About Security Issues

This page includes information regarding Emirates security and how security researchers, law enforcement personnel, and members of the media can contact Emirates airline to report a concern or enquire about a security issue.

Customers

  • If you believe that your customer account (or Skywards ID) on Emirates.com has been compromised through phishing or if you have any concern regarding the integrity of your account, we recommend that you  sign in to the Skywards(Opens link) page and change your password immediately.
  • If you have forgotten your Skywards ID password, you can learn how to reset it here(Opens link)
  • If you receive what you believe to be a phishing message claiming to be from Emirates airline, or other entities of The Emirates Group, you can consult The Emirates Group phishing information page and report it. 

Privacy

You can read about our Privacy Policy(Opens link) and how we safeguard your personal information(Opens link).

If you have a concern about the security of your account, you can contact(Opens link) an Emirates call center or speak to us online(Opens link).

Security and privacy researchers

To report security or privacy issues affecting The Emirates Group products or web servers, you can contact security@emirates.com(Opens your email client ). You can also use The Emirates Group's CyberSecurity PGP key to encrypt sensitive information that you send by email. When we receive your email, we send an automatic email acknowledgment. If you do not receive this email, please check the email address and send again. We will respond via this secure channel if we require additional information to investigate a security issue.

For the protection of our customers, The Emirates Group generally does not disclose, discuss, or confirm security issues until a full investigation has been completed and any necessary patches or fixes are available.

Notifications published by The Emirates Group CyberSecurity are signed with The Emirates Group CyberSecurity PGP key. We encourage our customers to verify the signature in order to ensure that any document received has indeed been written by our staff and has not been subject to any changes.

The Emirates Group credits researchers who have reported security issues on The Emirates Group's web servers on The Emirates Group Web Server Notifications page.

Law enforcement

The Emirates Group handles government information requests in accordance with local laws within the countries in which it operates. You can contact GSLEPI@emirates.com(Opens your email client ) if you are a law enforcement agency.

Media

Journalists can contact our press office at PR@emirates.com(Opens your email client ), or visit the Emirates Media Centre(Opens external link in a new tab).

If you think your Skywards ID has been compromised

Are you concerned that an unauthorized person might have access to your Skywards ID? These steps can help you find out and regain control of your account.

Because our customers can use their Skywards ID for Emirates and its partner products and services, we encourage you to ensure that your Skywards account is as secure as possible. We recommend that our customers do not share password information with anyone. If someone you don’t know or don’t trust can sign in with your Skywards account, your account is not secure.

Here are some reasons why the Skywards account you are using may not be secure:

  • Someone else created a Skywards account on your behalf, or you are using a Skywards account provided to you by your travel agent.
  • You are sharing a Skywards account with family or friends. We remind our customers that your Skywards account is your personal account. If you wish to accrue miles for, or from, family members, you can sign up for Skywards’ “My Family” programme.”
  • You do not recognize the Skywards account that is signed in to The Emirates App on your device.
  • You may/have shared your password with someone else intentionally or unintentionally. For example, someone else selected your password for you, you told someone your password, or you might have entered your password on a "phishing" site.
  • You do not have control of the email address or phone number associated with your Skywards account.
  • Your password may be considered weak or has been compromised. You can learn more about weak passwords here(Opens external link in a new tab) and how you should construct a more robust password for your account here(Opens external link in a new tab).

If any of the above sounds familiar , your account may be compromised and we recommend you take the following steps as soon as possible to reset your password and review your account information(Opens link).

How do I know if my Skywards account was compromised?

Your Skywards account might be compromised if you receive an account notification from Emirates Skywards for a change that you did not make, or if you do not recognize changes to account details. For example:

  • You receive an email or notification stating that your Skywards account was used to sign into a device which you do not recognize or did not sign in to recently (for example, "Your Skywards account was used to sign in to Emirates.com on an unknown PC or from an unknown location").
  • You receive a confirmation email from Emirates stating that your Skywards account password was changed, or your account information was updated, but you do not recall making such changes.
  • You see Skywards miles deducted for purchases or redemptions that you did not make.
  • Your password no longer works, or it might have been changed or locked.
  • You do not recognize some or all of your account details.

If you receive an email that you are not sure is valid or you think may be a fraudulent "phishing" email, here are some helpful tips that can help you determine its legitimacy.

How can I gain control of my Skywards account?

If you believe that your Skywards account has been compromised, you can use these steps to gain control of it and review your account information:

  1. Sign in to your Skywards account page(Opens link). If you are unable sign in or you receive a message that the account is locked when you try to sign in, try to reset or unlock your account(Opens link). If you are still unable to sign in, you can contact the Skywards team(Opens link).
  2. Change your Skywards account password(Opens link) and choose a strong password.
  3. Review all the personal and security related information in your account. Update any information that is incorrect or that you do not recognize, including:
  4. Check with your email address provider to make sure that you control every email address associated with your Skywards account. If you do not recognize and control the email addresses associated with the Skywards account, we recommend that you should change the password for the email address or use a different email address.

If you have completed the steps above but still have reason to believe your account is still compromised, you can contact the Emirates contact center(Opens link).

Avoid phishing emails, ‘free ticket scams’, ‘fraudulent invoices’, phony travel agent calls, and other scams

Use these tips to avoid scams and learn what to do if you think your Skywards ID has been compromised.

If you receive an email or someone claiming to be from Emirates calls and asks for your account name and password, then it’s likely you have been the target of a scam.

Scammers use any means to obtain your personal information including but not limited to fake emails, pop-up ads, texts and instant messages, and even phone calls. They will try to trick you into sharing personal information, such as your Skywards ID password or credit card information. Here are some helpful tips on how you can protect your account and avoid scams.

Protect your Skywards ID

Never share your Skywards ID password with anyone. Emirates will never ask you for this as part of our validation process or when providing support. If you believe that your Skywards ID has been compromised, we encourage you to change your password(Opens link) immediately.

If you get a suspicious phone call or voicemail

Scammers are able to spoof phone numbers and may use a combination of flattery and threats to pressure you into giving them information and/or money. We encourage you to verify the caller's identity at all times before providing any personal information. If you receive an unsolicited call from someone claiming to be from Emirates, or if in any doubt about the call, please hang up and contact us(Opens link) directly.

If you receive a phishing email or text message

Scammers also try to copy email and text messages including the unauthorized use of corporate logos and formats from legitimate companies in order to trick you into sharing your personal information and passwords. We recommend our customers do not follow links or open attachments in suspicious or unsolicited messages. Should you need to change or update your personal information, contact us(Opens link) directly.

The following signs can help you to identify potential phishing scams:

  • The sender email address or phone number does not match the name of the company that the sender is claiming to be from.
  • Your email address or phone number is different from the one that you provided to that company.
  • The message starts with a generic greeting, such as “Dear customer.” Most legitimate companies will include your name in their messages to you.
  • A link appears to be legitimate but upon clicking takes you to a website URL which does not match the address of the company website.
  • The message looks significantly different from other messages that you may have received from the company.
  • The message requests personal information, such as credit card details or account password.
  • The message is unsolicited and contains an attachment.

Report phishing attempts and other suspicious messages to Emirates

To report a suspicious email claiming to be from Emirates, you can forward the message to us at abuse@emirates.com(Opens your email client ). Please include complete header(Opens external link in a new tab) information. Whilst this email address is monitored by Emirates, you may not receive an individual reply to your report beyond an auto-acknowledgement.

Protecting Security Information

Due to the sensitive nature of security information, Emirates provides a method for you to:

1. Obtain PGP

You can obtain a commercial or free trial version of PGP Desktop from PGP Corporation(Opens external link in a new tab). Additionally, GnuPG(Opens external link in a new tab) is available as freeware.

2. Emirates CyberSecurity key

This is our PGP key and it is valid until Dec 31st, 2020

Key ID: CD1EEF1E

Key Type: RSA

Expires: 31/12/2020

Key Size: 4096/4096

Fingerprint: 3FFC 9017 EF53 83DD 82EB 9628 4DAF CA38 CD1E EF1E

User ID: security@emirates.com

"-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.6
Comment: Hostname: pgp.mit.edu

mQINBFrW5z4BEAC77Yfr4UsLkM4LoCCZsvKLlnRbxc0iY08T1edfxf83eGwuj1UlFeZOv37B DzjZZCuOt5/9zztfqdiu4z08kSUa5jEmdC09Rf1UzBlNxchnx1mT3RXHmvWCEUs5x3DdzJ98 kcwyPNHfCaT+Og7LepCdcQ4Y9cl2lE4m1oovjlEw/T7abRkW+uk/TLWWL/Y+o6lbzykg/++A MkNHB2rE1VxlrIfzE3seK1XGU6qLI3PS+VnH6JHefXIK2ytzd2ljNzkkjfFV99SDBCdsz54O u530o5wa7RojsoZj0p6llD75c+zTSpgwWU1gfSvFPpmEdfPoOWK0ViNp8vVi7LrabU/+SfDa ukBVm0p9ML/bMF+ra2yMp5r6nCuYQvullNWG0Htv2ytMxMKOW8xTPUQ1/v71jKQv8ClZcM1U hoKKOU72nPemebvs4vfsxLHlviZwcZzJ3n83CQk334gtjSr3HwCo+9scW4Gim1+GePQtu4NV o+r1T3wA9PccSTlJTIzAIhiROi6lunQGFUqvUlnOxZWkYzZMdyvAWzBcsBBDHK6pjqjs4th5 PetA0Kgd5hCig27sgsg2ilM4h6CxEXHhsA5upathEzYPx7v6YriluZP8fG/H0gGZRe83gs7e wxLbhgKqZ72+ZoeafJ9ha8Vsj44HK5kzn2FG5OQFwRcr6T6UPwARAQABtD1Qcm9kdWN0LVNl Y3VyaXR5QGVtaXJhdGVzLmNvbSA8cHJvZHVjdC1zZWN1cml0eUBlbWlyYXRlcy5jb20+iQJU BBMBCAA+FiEEOn0fcKGh7+HW85DXyuBNxwNh4C0FAlrW5z4CGwMFCQUWigAFCwkIBwIGFQgJ CgsCBBYCAwECHgECF4AACgkQyuBNxwNh4C2wdg//fD/xlQh5Bq0It9pFpOmvD0x9tQAAkk62 TOAiiATPP6vx79pfIsmuu52ZA1iXYVc5H36gleO9apykQYu/V+afBXkpceHV1DkEoU0nKyAZ lnjYaicNMht6MG01JPQVZKt3QO/a8/JFDB44FJJQxcAWANdQvYpv8VO7QrcF4omNOZsc754J 58qtk67+vxaJpfc+R/NRQGCKcmMSdDRauaLPkZNRpDwr5NCXn78NyNFhe+Et+NR7FZ/ZSCrT 1oLKSIRdUJz0yuSgiaC/TcDySBQTW9dIDFPwvh3hByI+ru5q3NBJ8UlJIoJegfQJ/8YGI9R6 w8iOZPN1czTjdJIJzmlbbiB5MT7rKotjIYrswtqbp6ZkujwkYyUlmQSjnx2pmSeTNqAMxnxi uZ53of96+8WmybIIEq8FhMz3K4ahibVo6NrpaN6oSdgtaElDxeVFkr40FklNXWwtnbWWGXNK 8Mu/P8nla0wCBPC6L4nkTpNuiS5dTZLZgxJbB0TmmWRl2ekpHr2tlXYgLoyt3Kal0O64d6Nc Qu05YniAPqFmjSELad+YVOXIRj7loyoCehhA7H6GPm1VlAJO9jy+Q23yU7E3ydTqcG7A5p7l a84WNgfJY6cxhe8zUGDdSgEV6WsrPAHyD5wnM+KtFI8FKXCEdviSm+OpXunocpV6k0bnciHP 25G5Ag0EWtbnPgEQAK3DCu0uUeC8s4Tx1Q/GD3V4+SdLk7rMazclKK5lx0O/e0p3wf04zRz8 jy0uocBQ0l0nqyYq6eJPN5oi/Br3e2Gvwzmpd/JlIqgZSjTlgOkGyU4v5Oeg6A2va2qHw5Sd Z8p7kpd3OTKd5X2EuDvdK0P9gm3LdLC8Jqe48F6o5kJftiqUkFVi+9gzGYIPWZBuxRawGW6Q iI59mWQcEwvJVjl1+5jeBsveHow3C72zfQejcWILLTfFT2qwoSYOuA11joAOEk3wU1rNWjA4 dd9P9/HDsxMVjQxOui9rMdTnqTyNRtTTygGIFeeu8QM2w8LmDaDWWZbTK0+J2qrQaSLpADEf yhE+OJL3QH+CyCDXy8hhkP0D9Zz3txfJI0fGutJYBHZGjitBugD7yzmfl3duD+NQY5znJDFs +R9Ko9iPvVln4sBDOYDiGctmhWHQPMdHNPAK0u9q5jVKbEzNWYsXphJ3lABBCVFZS/5EP2eU Wt03AfvVa30fHGhUJbR2nDC9J3CWoNccSGynCIpsQKZtlvTZ3d4O8Pp7DgLKaJh8BpyhCR6u OHefbMN9LHu4coUWC5xiJIJTUg5bBT2myMBl7hOJ7AYMETeFDrpJzYfben4R2vSX1/TwtqWv 0gP4afKuzpNuFX72oATE5w+078tgxKCGw5Y0gK6tbqLNRYAZldM9ABEBAAGJAjwEGAEIACYW IQQ6fR9woaHv4dbzkNfK4E3HA2HgLQUCWtbnPgIbDAUJBRaKAAAKCRDK4E3HA2HgLdCFD/95 leoIwpQvsrG+7MFgKrsnLyFpMCS6fIwGrecr0HiKABREfJ+YCdTEBuPJa/f5xK98kRersZMv 7J+EN4nilcyGESF1ZJUoXXWOd1VCvXGygqVjZAvlhrpeM1tTvy9eV7jr7ff5N4y29GOTmKnK tiT7XK3xEYRBs4fOyWqCfvZTEOoXMxIVankS2+AM8GP1Ryj3IBmgK3vex9ib6QQd10WmXhe4 UB7W2KAoR0YwlmeLt8n3jGKmag/OUSdMahmX3sYXGDjw+Ym7srM0KIdA330qARWnEicBbgDt hBysqFhVssIrbYM30O7ilR1teQ3kIwiwfhhZJZWgQnMGSlr+//2WHqKVVMKL3mDHzDcg2ZZ1 0thg/HfaXH2IPtJzzhrl4/gAUxOix2bu1eihLO/doPVnE7LEMJgiPiDsCD+RAnWefQ6Qk0zI v6wswxnP6yKYqtgFpF6XU0Hf+BmFmY8/6jMPZeRe8WhYLaBoc7EPk9XSfPRCP+1z8sxg/4bp SXhPJR4OslRXFZNGOiT8+5FtLnBor/QY1ili9G64z+jWwsxf3I/cN5vexEr1U25irY4Hb/TW YuXad6BezPA/CxBUuVXvy1H+TcvaRVBTynH4YEluNpcS2mvRCuMrCEmeuWtA9fjQpezSFy5i IRn023SwbB3X2MsijpeEgb/XFvA5TsbbGw==
=Qr0e
-----END PGP PUBLIC KEY BLOCK-----"

3. Check our PGP signature on mail messages and documents

Messages which have been legitimately sent by the Emirates CyberSecurity team are always signed with our PGP key. We encourage our customers to verify the signature in order to ensure that any document received has indeed been written by our staff and has not been subject to any changes.

4. Encrypting sensitive information

When sending sensitive security information by email, we encourage our customers to encrypt it.