ARC has recently been alerted that a phishing email campaign by fraudsters has returned. Fraudsters are manipulating the Sabre name and logo to deceive travel agents into unknowingly divulging their GDS login credentials. This phishing email urges the recipient to click on a link in the email in order to “confirm your Sign-in” or be locked out of your account. Do not fall for urgent action requests in emails.

Ensure that all employees become aware of this fraud scheme.

Example of a recent phishing email:

Look out for:

  • Emails with a sense of urgency to log in so that your account is not locked.

  • Misspelled words. This email contains two spelling errors: “infornation” and “trainning.”

  • Grammatical errors or awkward use of language. This phishing email contains three grammatical errors: “sabre,” “all global countries,” and “Sabreis”.

What to do:

  1. “Hover” your mouse over the link to reveal the true web address controlled by the fraudster.

  1. If an employee believes they may have unknowingly clicked on such an embedded link, then ensure the agent changes their password immediately through the usual program/bookmark.

  1. Alert your GDS provider if you believe an agent’s log-in credentials have been compromised.

  1. Ensure password changes or confirmations occur through the usual program/bookmark and not through a link embedded in an email.

  1. Use strong passwords that are changed at least every 90 days.

  1. Monitor ticketing activity so that unexpected ticketing activity (late night ticketing, immediate departures, foreign itineraries, etc.) can be identified early.

  1. Some GDS’s may offer options to turn off ticketing overnight for agencies.

  1. Forward suspected phishing emails to ARC at StopFraud@arccorp.com.