Last week, ARC was alerted to a phishing email, sent by a fraudster, that claimed to be from a GDS. The suspicious email included a link inviting the recipient to input their GDS login credentials. With those credentials, the fraudster would be able to remotely access the GDS to issue tickets for their own customers.
Actual text from the recent phishing email:
Subject: Sabre Update on Cybersecurity Incident
From: Sabre <firstname.lastname@example.org> (Notice it comes from “vfirst.com,” not “sabre.com”)
Since June 6, Sabre has notified certain customers and partners who use or interact with the central reservation system and is working with them on the unauthorized access incident we previously disclosed. Our investigation is complete and we have determined that an unauthorized party accessed certain payment card information for a limited subset of reservations processed through the SHS reservation system.
Sabre Update on Cybersecurity Incident.
There is no indication that any other Sabre systems beyond the SHS reservation system, such as Sabre’s Travel Network and Airline Solutions platforms, were affected by the unauthorized party. We have taken successful measures to ensure this unauthorized access to the SHS reservation system was stopped and is no longer possible. Our investigation did not uncover forensic evidence that the unauthorized party removed any information from the system, but it is a possibility. We can help you get the latest security enhancements and features improvements. Click “Update-Now” to get started.
(There are then two links. One goes to a web page for nifty-buck and the other starts with upload.wikimedia)
Stay wary of these fraud attempts by remembering:
• GDSs will never send emails with embedded links to customers that request password changes.
• If you’re suspicious of a link, input fake login credentials to see if the site accepts the fake information.
Take action if you think you’ve been compromised:
• If any employee suspects they may have clicked on a link in a phishing email, have that employee immediately change their password by logging in through their usual login portal (not via an email).
• Run antivirus software immediately to ensure no malware has been uploaded to the computer.
Please forward any suspicious emails looking for GDS login information to StopFraud@arccorp.com.
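The mismatch pointed out in the alert above (display name "Sabre", sending domain vfirst.com, links on unrelated hosts) can be checked mechanically before a message reaches staff. The following is an added example, not ARC's or Sabre's code; the `BRAND_DOMAINS` allow-list, the sender's local part and both link hosts are assumptions constructed for illustration, and the message is assumed to be single-part plain text.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: brand name -> domains that brand legitimately mails from.
BRAND_DOMAINS = {"sabre": {"sabre.com"}}

# Constructed sample: the local part and both link hosts are placeholders;
# only the display name, subject and sending domain come from the alert.
SAMPLE = """\
From: Sabre <placeholder@vfirst.com>
Subject: Sabre Update on Cybersecurity Incident
Content-Type: text/plain

Click "Update-Now" to get started.
http://first-link.example/update
http://second-link.example/image
"""

def in_domain(host, allowed):
    """True if host equals an allowed domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def check_message(raw):
    """Return findings for a message whose display name claims a known brand."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand not in display.lower():
            continue  # display name does not claim this brand
        if not in_domain(sender_domain, allowed):
            findings.append(f"sender domain {sender_domain} is not {brand}'s")
        body = msg.get_payload()  # a str for single-part text messages
        for url in re.findall(r"https?://[^\s\"'<>]+", body):
            host = urlparse(url).hostname or ""
            if not in_domain(host, allowed):
                findings.append(f"link host {host} is not {brand}'s")
    return findings

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print(finding)
```

The suffix comparison in `in_domain` requires a leading dot, so look-alike hosts that merely contain the brand's domain as a substring are still flagged.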
ARC’s offices will be closed Friday, December 24, 2021, and Friday, December 31, 2021, in observance of the Christmas and New Year’s Day holidays.
Holiday Ticket Modification/Voiding Schedule
The GDS void/IAR reconciliation dates for tickets issued Thursday, December 23, 2021, through Sunday, December 26, 2021 (PED 12/27/2021), will be extended until Monday, December 27, 2021. The GDS void/IAR reconciliation dates for tickets issued Thursday, December 30, 2021, through Sunday, January 2, 2022 (PED 01/02/2021) will be extended until Monday, January 3, 2022.
Sales Report Submission
Weekly sales reports for PED 12/26/21 must be authorized by 11:59 p.m. EST on Tuesday, December 28, 2021. Weekly sales reports for PED 01/02/22 must be authorized by 11:59 p.m. EST on Tuesday, January 4, 2022.
Myth: All payment processors have surprise fees.
Reality: With ARC Pay, there are no surprise fees.
When you use ARC Pay, expect predictable flat-rate pricing. There are no additional transaction charges, card association fees or statement fees. ARC Pay's competitive flat rate has been steady for 26 years at 3.5% ($0.70 minimum). An additional $15/month subscription fee only applies if you are actively using ARC Pay.
You know how much you’re going to pay every month. Count on it.
For more information, read “5 Things Every Agency Should Know About Processing Credit Card Payments.”
My ARC accounts with access to ARC tools containing sensitive data (including Accreditation, Agent's Choice, Document Ordering System, Document Retrieval Service, IAR and Memo Manager) are automatically deleted after 150 days of no activity for your data protection.
Payment Card Industry (PCI) security standards require that each user access their account and change their password every 90 days when they have access to sensitive data. A My ARC account with access to sensitive data and no login attempts will go through the following statuses before it is automatically deleted. A reminder email is sent to users before each status change.
• 90 Days (Inactive status) – Access is locked.
• 120 Days (Suspended status) – Access is locked and suspended.
• 150 Days (Deleted status) – The account is automatically deleted.
If you do not have access to any ARC tools that contain sensitive data, your My ARC password will never expire, and your account will never be automatically deleted. However, it is strongly recommended that all My ARC users log in at least once a month to maintain an active account status.
If you are unable to access your My ARC account for any reason, you may attempt to reset your password by clicking Reset a Forgotten Password on My ARC.
If your account has been suspended or deleted, please contact your administrator to restore access. If you do not know who the administrator is, please click Find Your Administrator within My ARC.