ARC posts the latest information on fraud schemes, scams and criminals within the travel industry and tips on how to protect your business from fraud.
There is an increase in phishing emails impersonating or pretending to be from Sabre. These emails are not from Sabre.
Sabre will never:
Send an email with an embedded link to a login page.
Send an email ‘threatening’ loss of access to your account.
Send an ‘unsolicited’ email notifying you to click on a link to validate or update your account.
If you receive a suspicious email from Sabre, report it immediately by emailing Sabre (customer.care@sabre.com) first and then ARC (stopfraud@arccorp.com).
October 25, 2023 Alert: Below is a screenshot of a fraudulent email with the subject line “Sabre Technology Upgrade Notification.”
If you receive a suspicious email from Sabre, report it immediately by emailing Sabre (customer.care@sabre.com) first and then ARC (stopfraud@arccorp.com).
October 19, 2023 Alert: The new fraudulent email format may have a different call to action than previous messages, along with the naming convention of the notice from Sabre to RED CENTRAL. The subject line contains a nonstandard letter "a.”
Below is a screenshot of a phishing email with the subject line "Account Update Request," urgently requesting agents to click a link for profile updates. Notably, the upgrade timeframe is 10/19/23, with a finish date of 9/5/23, raising an urgent red flag.
If you receive a suspicious email from Sabre, report it immediately by emailing Sabre (customer.care@sabre.com) first and then ARC (stopfraud@arccorp.com).
To address this issue, you should take the following steps:
Please email ARC at StopFraud@arccorp.com if you need assistance, and visit our on-demand webinar page to view the latest fraud awareness videos.
ARC recently received, via an industry partner, raising concerns about an inquiry (via email) requiring your awareness and thorough assessment. The details of the request are as follows:
Request Origin: China
Inquirer: Mr. Carson
Tour Details:
Group Size: A total of 160 persons, divided into two groups of 80 each.
First Group: Scheduled from 15th November 2023 to 21st November 2023.
Second Group: Scheduled from 24th November 2023 to 30th November 2023.
Inclusions: Accommodation (four-star or five-star hotel), transportation, scenic spot costs, insurance, meals, translation services, tour guides, and arrangements for transportation to the airport.
Customization Request: The client wishes to customize the itinerary for their group.
This inquiry has raised several risk factors that require careful consideration:
Given these risk factors, we recommend the following actions:
We strongly suggest you exercise caution and conduct thorough risk assessments before proceeding with this inquiry. The high-risk nature of this request necessitates careful consideration to protect your company's interests and reputation.
Please keep us updated on your findings and decisions regarding this inquiry. If you have any questions or need more help, please don't hesitate to contact us at StopFraud@arccorp.com. Visit our on-demand webinar page to view the latest fraud awareness videos.
Cybercriminals continue to target the agency community through phishing emails, which appear to be from various organizations across all business sectors, including GDSs. These emails entice agents to click on an embedded link and enter their login credentials.
No service provider should request login credentials through email. If you receive such a request, it is essential to validate it with your service provider.
Fraudsters can manipulate your reservation systems and cause financial harm to your agency if they compromise your credentials. It is critical to train your staff to avoid entering their login credentials into any links provided in emails and to be vigilant and suspicious of any webpage requesting authorization.
Safeguard your IT environment by implementing policies and procedures such as updating passwords and login credentials every 30-90 days and validating email senders and hyperlinks before clicking and engaging (i.e., opening, forwarding and replying to emails).
Please contact your service providers or email ARC at StopFraud@arccorp.com if you need assistance.
Visit our on-demand webinar page to view the latest fraud awareness videos.
ARC is tracking a fraudster who gains access to Corporate Booking Tool accounts through unknown means.Once remote access is obtained, the fraudster issues tickets for his customers using compromised credit cards.
Characteristics of this fraud activity include:
One-way travel
Immediate departures: 0-3 days from ticket issuance
Departures or return tripsusually include airports inMoscow
Travel destinations include Southeast Asia, especially Bali, Phuket and Bangkok
Additional travel destinations include Europe and the Persian Gulf
Reservation may include the true accountholder in the booking to make it appear legitimate
Using the information available, ARC aims to notify Agent customers about potential exposure to fraudulent transactions and suspicious requests. We offer this information as an option to help mitigate any potential losses. Agents are responsible for making business decisions aligning with their risk management strategies.
Agents and agencies have a support network to help reduce risk and financial losses associated with unauthorized ticketing. Visit the support section of the ARC website to view our fraud prevention resources and on-demand webinars. Contact our revenue integrity team by calling 855-358-0393 or emailing stopfraud@arccorp.com.
ARC has received reports of a fraudulent email solicitation scheme. We’re alerting you about requests for assistance with corporate travel from an alleged oil and gas company whose name does not show up in a Google search but has a similar spelling to an actual company. Please be cautious when handling such requests since they typically involve inter-Africa travel bookings and inquiries for future Africa-to-Europe routes. Prioritize verifying unfamiliar inquiries to prevent potential fraud.
Please review the example of a fraudulent email below to familiarize yourself with typical signs of suspicious requests:
Grammar and spelling errors
Urgency in the request
Unusual or questionable routings
Statements demanding immediate payment
Promises for future business
Dear Agent
How are you today, hope you are fine, i got your contact from directory when we are shopping for a travel agency that can be handling our travel needs like Air Ticket, Hotel and Transfer
Kindly let me have the flight options and the fare quote of the below itinerary for our guest that want to depart from Various destination to various destination.
Below is the itinerary, kindly go ahead and check the availability and send the fare quote plus options.
Below is the itinerary request.
[1] PASSENGER NAME:
[2] PASSENGER NAME:
ROUTES: LAGOS/NAIROBI/LAGOS
DEPT: 10/06/ 2023
RETURN: AFTER TWO WEEKS
CLASS: ECONOMY
AIRLINE: ANY AVAILABLE.
---------------------------------------------------------------------
Also check Lagos/London/Lagos for five passengers that want to depart from Lagos to London on 10/06/2023 and to returns to Lagos After two weeks, i will send passengers names as soon as you send fare quote and flight options for bookings
................................
Treat as soon a possible and send the flight options for immediate payment.
Let me know the bank charges if i pay with visa card or master card.
Looking forward to hear from you asap
Regards
Purchasing Manager
Oil And Gas
Using the information available, ARC aims to notify Agent customers about potential exposure to fraudulent transactions and suspicious requests. We offer this information as an option to help mitigate any potential losses. Agents are responsible for making business decisions aligning with their risk management strategies.
Agents and agencies have a support network to help reduce risk and financial losses associated with unauthorized ticketing. Visit the support section of the ARC website to view our fraud prevention resources and on-demand webinars. Contact our revenue integrity team by calling 855-358-0393 or emailing stopfraud@arccorp.com.
Fraudsters are often creative in the schemes they devise to manipulate the customer service skills of travel agents who always want to help their clients. The information they provide makes them appear as legitimate customers with plausible reasons for ordering tickets for themselves and others with close-in departure dates. The fraudsters create a compelling story as to why an agent should help them or create a sense of urgency to get that agent to lower their guard and get the tickets issued. Once those tickets are issued, the fraudster alerts his own customers that they are ready to travel.
Below you’ll find schemes that are commonly employed by fraudsters.
A social engineering scheme involves phone and/or email communication between the fraudster and a travel agent that will typically involve at least one of the following characteristics:
Corporate Booking Schemes
Corporate booking schemes contain many of the same characteristics of a social engineering scheme but the fraudster targets agents with existing corporate clients or requests that the agency sign them up as a new client.
Fake website created by a fraudster:
Corporate Booking Tools
Many large corporations have corporate booking tools sitting on their corporate websites that employees can access to book travel. Unfortunately, fraudsters are quite aware of this and target these bookings tools to issue tickets for their own customers. The fraudsters target employees of the corporation with phishing emails or malware to obtain their corporate login credentials. Once the fraudster has this information he/she can access the corporation website and then go to the link for the booking tool. Refer to the Best Practices page for suggestions of how to limit exposure to fraud via these tools.
EDU Scheme
This scheme is similar to the corporate booking scheme and usually orchestrated by the same fraudsters. The targets in this scheme are the agencies that fulfill ticketing for universities and colleges.
Below is an example of a real EDU scheme email sent to an agency claiming to be from their university client. The fraudster used the free email service Outlook to communicate with the agency, but the agency had a policy to only communicate using the .edu address. In addition, the telephone number is a VOIP number so you do not really know where in the world they are calling from.
NOTE: Certain information removed by ARC
Ownership Change Scheme
Agents in the United States have been the victims of fraudulent ownership change schemes. These unauthorized ownership changes have usually involved situations where the ARC owner of record surrendered control of their agency to the prospective buyer or manager. The buyer promised to send the appropriate ownership change papers to ARC, but most times did not. The buyer or manager then conducted transactions that resulted in major financial losses to ARC participating airlines.