ARC reports a marked increase in the issuance of unauthorized airline tickets within the past few months caused by phishing emails aimed at travel agents. From August to November, 82 incidents of this type were reported to ARC, making up 73 percent of all the cases reported so far in 2011.
There were only 18 such incidents reported to ARC in 2010. The aggregate face value of the unauthorized tickets in 2011 is more than $1 million, with the largest single incident valued at over $77,000, ARC reports.
ARC said it believes this increase in unauthorized ticketing fraud is directly related to an upsurge in phishing emails aimed at travel agents and spear-phishing emails aimed at travel agency employees and independent contractors.
Phishing is an attempt to gain information such as login IDs, usernames, passwords, and credit card details by misrepresentation as a trustworthy online source.
The phishing emails are designed to appear as though they are being sent from global distribution systems (GDS) that provide travel agents the ability to book and issue airline tickets, which are then transmitted to ARC’s transaction settlement services.
The phishing email entices the reader to obtain additional information or reports by clicking on a URL. From there the reader is directed to a fraudulent GDS website and invited to log in, providing the fraudster with the necessary credentials to access the genuine GDS website to book and issue unauthorized airline tickets.
“ARC has banded together with other industry leaders to educate agents on how to identify these illegal emails and avoid navigating to fraudulent links,” said Chuck Fischer, director of operations integrity at ARC.
“Since August 2011, GDSs have seen many variations of the phishing emails – often changing multiple times a week – and have diligently worked to shut down the fraudulent websites. ARC frequently teams with travel agencies, GDSs, law enforcement, and airlines to identify and prevent usage of unauthorized tickets,” Fischer said.
ARC encourages travel agents, Verified Travel Consultants (VTC), and corporate travel departments (CTD) to become familiar with potential phishing emails and to frequently check the Fraud Alerts and Incidents page on ARC’s website. Real-time fraud notifications are also available by following ARC on Twitter and Facebook.