Schemes

Fraud Prevention

Schemes

Fraudsters are often creative in the schemes they devise to manipulate the customer service skills of travel agents who always want to help their clients. The information they provide makes them appear as legitimate customers with plausible reasons for ordering tickets for themselves and others with close-in departure dates. The fraudsters create a compelling story as to why an agent should help them or create a sense of urgency to get that agent to lower their guard and get the tickets issued. Once those tickets are issued, the fraudster alerts his own customers that they are ready to travel.

Below you’ll find schemes that are commonly employed by fraudsters.

Social Engineering Schemes

A social engineering scheme involves phone and/or email communication between the fraudster and a travel agent that will typically involve at least one of the following characteristics:

  • Immediate departure: Often for the same day out to three days from today
  • Social standing: Customer claims to be a doctor or minister
  • Emergency travel: Someone in the “family” needs to travel immediately
  • Fake referral: When asked how the customer found the agency, he/she claims their spouse used the agency a year ago, though no profile exists for that spouse in the system.
  • “Straw purchase”: Customer claims to be local and requests a ticket for himself/herself with a departure from the nearest airport three weeks from today so there are few red flags to indicate it’s a risky transaction. This ticket is not meant to be flown, it’s meant to establish a working relationship with a specific travel agent within the travel agency. The next tickets he/she orders are for real passengers who will travel.
  • VOIP telephone: The customer’s telephone number may mimic a local area code, though research on the internet can quickly reveal it to be a VOIP (Voice-Over-Internet-Protocol) telephone number.
    • NOTE: VOIP telephone numbers are not necessarily bad or fraudulent; it merely means you cannot be sure where the person is really calling from.
  • Digitally Altered Images: The customer emails images of their driver license or passport and the front and back of their credit card to make themselves appear legitimate. A review of such documentation can sometimes reveal mistakes.

Corporate Booking Schemes

Corporate booking schemes contain many of the same characteristics of a social engineering scheme but the fraudster targets agents with existing corporate clients or requests that the agency sign them up as a new client.

  • Internet research: Fraudster conducts online research to find an executive’s name and title that he will use when communicating with their corporate travel agency.
  • Similar email address: Fraudster creates an email address similar to the real corporate email address though with extra letters or numbers. Use the website WhoIs.com and refer to our Free Internet Tools page to find out when an email address was created.
    • True email address: john.doe@uofmcorp.com
    • Fraudster email address: john.doe@uofmcorp-uk.com
  • Fake referral: Fraudster may attempt to socially engineer a corporate employee to unwittingly “refer” him by phone or email to someone at their corporate travel agency.
  • Immediate departure: Often for the same day out to three days from today
  • VOIP telephone: The customer’s telephone number may mimic a local area code, though research on the internet can quickly reveal it to be a VOIP (Voice-Over-Internet-Protocol) telephone number.
    • NOTE: VOIP telephone numbers are not necessarily bad or fraudulent; it merely means you cannot be sure where the person is really calling from.
  • After-Hours Services: Fraudsters may wait until the evening hours to contact a corporate travel agency so that an After-Hours travel agent will handle them. This travel agent may not have the ability to verify caller information with a corporate client.
  • Fake website: Fraudsters may also try to dupe an agency into signing them up as a new corporate client by going so far as to create a fake website to showcase their company. The example below is a basic site and the links do not take you further into the website.

Fake website created by a fraudster:

Fake Website

Corporate Booking Tools

Many large corporations have corporate booking tools sitting on their corporate websites that employees can access to book travel. Unfortunately, fraudsters are quite aware of this and target these bookings tools to issue tickets for their own customers. The fraudsters target employees of the corporation with phishing emails or malware to obtain their corporate login credentials. Once the fraudster has this information he/she can access the corporation website and then go to the link for the booking tool. Refer to the Best Practices page for suggestions of how to limit exposure to fraud via these tools.

EDU Scheme

This scheme is similar to the corporate booking scheme and usually orchestrated by the same fraudsters. The targets in this scheme are the agencies that fulfill ticketing for universities and colleges.

Below is an example of a real EDU scheme email sent to an agency claiming to be from their university client. The fraudster used the free email service Outlook to communicate with the agency, but the agency had a policy to only communicate using the .edu address. In addition, the telephone number is a VOIP number so you do not really know where in the world they are calling from.

Scheme Email

NOTE: Certain information removed by ARC

Ownership Change Scheme

Agents in the United States have been the victims of fraudulent ownership change schemes. These unauthorized ownership changes have usually involved situations where the ARC owner of record surrendered control of their agency to the prospective buyer or manager. The buyer promised to send the appropriate ownership change papers to ARC, but most times did not. The buyer or manager then conducted transactions that resulted in major financial losses to ARC participating airlines.

  • Remember - Do not turn over the operation or control of your agency location, blank ticket stock, or access to driving electronic tickets to any third party (including the purchaser) until you have received written notification from ARC that your change of ownership is approved. Until that approval, the ARC agent/owner is responsible for all financial losses on ARC traffic documents and electronic tickets supplied to the location.
  • Prior to executing any contract, meet with the prospective buyer face-to-face and obtain the following:
    • Original color photographs of purchaser and any representatives
    • Color replicas of passport and/or driver's license
    • Personal data of purchaser and any representatives, including home addresses, phone numbers, current and past employment
  • Once you have obtained personal data of the buyer and personnel, confirm the data through internet searches or other types of records that can verify the data provided. If purchaser objects, you should think twice about going forward with the sale.
  • Observe and record the make, model and license plate numbers of all automobiles driven by the purchaser and representatives.
  • The owner of record should periodically check with ARC's Accreditation Department to ensure a Change of Ownership Application has been submitted and that it is complete to allow timely processing.
  • Do not provide the prospective buyer with access to sensitive data or systems (i.e., credit card numbers, personal information of clients, bank accounts, combination to safe, access to safe deposit boxes, GDS ticketing ability, etc.).
  • Owners of record who believe they have been solicited by insincere purchasers are requested to notify ARC Fraud Prevention at 855.358.0393 or fifp@arccorp.com.