A GDS hacker, Eric Donys Simeu, was recently released from federal custody after serving time for crimes outlined in this U.S. Department of Justice press release.

Now is a good time for all agency staff to review fraud prevention and security best practices and to ensure they are wary of emails requesting GDS login credentials. This ARC on-demand webinar by Rich Licato, ARC’s chief information services officer, provides information to raise awareness of phishing emails as well as other cyber risks encountered within our community. For more details on phishing scams in particular, this article contains helpful tips and resources.

A portion of the aforementioned press release outlines Simeu’s impact on the travel industry. “Eric Simeu was responsible for a series of “phishing campaigns” which targeted customers of Global Distribution System (“GDS”) companies from approximately July 2011 to September 2014. The GDS companies impacted by Simeu’s criminal conduct included Travelport, which maintains a major presence in Atlanta, and Sabre, which is headquartered in Southlake, Texas.”

ARC witnessed phishing email campaigns during the years Simeu was active. These campaigns aimed to harvest GDS login credentials from unsuspecting travel agents. These emails are often constructed to appear as if they were sent from a GDS, airline or travel supplier, but were in fact sent by criminals. The phishing emails implored the agent to click on a link within the email and input their GDS login credentials. Unfortunately, this act compromised those credentials to criminals, which allowed them to gain remote access to the GDS at a later date and issue tickets for their own customers.

ARC has been advised by the GDSs that they do not send emails requesting travel agents to log into their GDS from a link embedded into an email. As a general rule, always be wary of emails that request confidential information (GDS credentials, bank information, etc.) through an embedded link in that email.

As always, please report all fraud incidents, attempts or suspicious emails to ARC’s risk management team at StopFraud@arccorp.com or 855-358-0393.