Fraud Update: Corporate Travel Fraud Alert

The ACTA Fraud Prevention Committee has recenty learned of a spike in travel fraud via agency corporate accounts and we feel it is critical to share the details with you. We have reviewed a recent case and wanted to hightlight some tactics being used by fraudsters that target corporate accounts. The formal alert can be found here

Background:
In this case the fraudster posed as an employee of the corporate account from Australia (corporate account is American based) with an email address matching the company's email addresses. The fraudster posing as a contact at the corporate office responsible for the travel bookings for the corporate traveller contacted the travel agency to make the bookings. The bookings were made after 5pm on a Friday afternoon and the fraudster booked 2 tickets London to Islamabad on a one way AND London/Mumbai/Dubai/London for a total cost of $7K

What we have learned:
In this scenario the criminal uses the email domain of an agent’s corporate account, but they slightly change the domain by adding a letter or a number or add an extension, leading you to believe it is the corporate account’s email domain.  For example, adding a letter within the email domain is often overlooked or hard to spot:

name@arcccorp.com – instead of the real domain, which only has a double ‘c’ in the domain: arccorp.com OR adding an extension for that “Australian” employee of US based corporate account might look like this: name@arccorp_AU.com or name@arccorp-AU.com

As for after-hours, weekends and a 24/7 call center, these requests are at greater risk from someone pretending to be from a corporate account, they need a password reset, or need access to your corporate on-line booking tool. Often the criminal will use their email address at gmail, yahoo, etc. stating that they are away and can’t access their corporate email account and/or they use one of the examples above – spoofing a real email domain.

We stress that it is critical far all travel agents within the agency to know who their corporate clients are so that if requests for travel out of their normal come through that the agent can call their client, call the credit card issuer to verify transaction and/or refer the booking to their supervisor.

Typically the fraudster will look to book departure/arrival itineraries, one-way tickets, immediate departures from international airports, often to West African airports like ACC, LOS, DKR, CMN and/or South American airports like BOG, LIM, EZE, GRU,

Be alert! The ACTA Fraud Prevention Committee will continue to provide you important information on an ongoing basis to assist you in fighting fraud on every level in our industry. We ask you to be aware and cautious of suspicious activity. Avoid being the next example.