Airline ticket-fraud scheme reappears after dormant period

ARC has raised alarm over a scheme to fraudulently book airline tickets. This scam was dormant for seven years.
ARC fraud detectors had discovered approximately 80 cases of unauthorized ticketing between September and October, which amounted to approximately $1.2 Million.

Doug Nass, ARC's manager for fraud investigations, stated that successful unauthorized ticketing attacks typically result in five to ten tickets being issued using the GDS credentials provided by the victim unwittingly travel advisor. Average ticket value is between $800 to $1,200. The most common victims are small and medium travel agencies, as well as large ticket consolidators.

Fraudsters have been sending phishing emails to travel agents to obtain GDS credentials. An example of this fraudster was presented by ARC at a webinar this month. His subject line read "Sabre System Update Notification Letter."

The email stated that Sabre was adding a level 3 security to the reservation system. All users must enter member login information. Sabre Red Workspace will be confirmed once you have logged in.

The recipient was asked to click on the link to access their Sabre credentials.

Nass stated that fraudsters had been spoofing only two of the major GDSs so far in 2021. Because ARC has not granted permission to disclose that information, he didn't reveal the second GDS.

Travelport and Sabre declined to comment on this story. Amadeus didn't address spoof email or unauthorized ticketing.

The company stated that "Since the onset of the Covid-19 pandemic we have seen a growing number malicious attempts in cybersecurity space."

"We work hand in hand to our customers, guiding and assisting them with practical security controls and measures that they can take during these difficult times."

Cornelius Hattingh (ARC director of revenue integrity) and Nass reported that the unauthorized tickets appear to originate from West Africa. Flyers are departing from airports in Casablanca; Morocco; Dakar; Senegal; Abidjan; Ivory Coast, among other places.

A fraudster can often gain access to the credentials of an agent during the night hours in the U.S. and issue tickets to their customers. Many times, these customers have taken to the skies and left the travel agency with a debit it will need to pay.

Hattingh stated that there are situations where it might be possible for ARC to work with the agency in order to cancel fraudulent transactions.

"If someone is already flying, we ask that the agent contact the airline directly to request a refund. He said that it can become a difficult environment.

For years, Phishing scams have been dormant

After seven years of dormancy, the unauthorized ticketing fraud's reemergence was announced. The ARC fraud team worked on the issue between 2009 and 2014. However, the scams stopped when three West African men were detained in connection to the scheme. Nass stated that Eric Donys Simeu (a Cameroon citizen) was sentenced in 2017 to almost five years in U.S. Federal Prison. Simeu was freed in late 2018.

Nass stated that travel advisors can avoid being a victim of this scam by exercising caution. If a link is not in the email that was expected, no one should click it. Travel advisors must pay attention to the sender's email address and be alert for any sloppy errors. The Sabre spoof, which Nass used as an illustration, has many typos and was sent to @coinersoirex.com.

Nass stated that agencies should provide additional training so that every employee with access to the GDS is made aware of this scam.