| Liudmila Buga

Travelers beware: business trips are coming back – and so are fraudsters

Fraud is one thing the pandemic didn’t shut down. We remind our travel managers and travelers to stay on top of their data protection as travel resumes. So, we asked our information security experts for their opinion on this tricky subject. Read on to find out exactly what you need to be wary of.

What’s the one thing you wish travel managers and travelers understood about data fraud?

Most travelers are not even aware of what happens to their travel data, when they book business or leisure trips. Don’t assume booking your trip through an online travel agency, ends your data journey there. In fact, your data may be forwarded to several suppliers, including airlines, hotels, rental cars, rail, loyalty program providers, and others.

Then whenever you book a ticket with a credit card, the relevant information is shared with the credit card company and billing office. Same if you make a duty-free purchase at the airport – the store captures details of your purchase, including your name, airline ticket information, and credit card number. And if you’re traveling to a destination where your travel data must be sent in advance, so that you may enter, your data is shared with authorities and organizations of the respective country.

You got the point – your data is being collected, processed, used, and stored multiple times. And it’s vulnerable to attack or compromise in each situation.

So, what can companies do?

A best practice for companies is to always find out how the travel agency protects data against three basic threats: loss of availability, integrity, and confidentiality. Companies should expect travel agencies to provide a fully integrated and audited Information Security Management System (ISMS) for threat protection.

Companies should be aware of so-called “CEO Fraud” messages. The sender poses as a member of management and tries to get an employee to perform a certain action, such as transferring a certain amount of money to a certain account. Sometimes a fraudulent caller can pretend to be a CEO and use a phishing email to convince a travel agent to book multiple round-trip flights. Often, fraudsters are successful with their tricks by exploiting the willingness of an employee to help his boss.

GetGoing also checks bookings with IATA Perseuss, the world’s leading fraud intelligence platform, allowing airlines and other suppliers to work together to identify and combat fraudulent activity. If GetGoing detects a fraudulent booking, we initiate a cancellation and communication process.

What should business travelers look for?

We all need to be on the lookout for phishing or sending fake emails or messages to trick people into falling for a scam. Detecting the emails has become much harder. The scammers are intelligent and DarkNet programs are designed to bypass antivirus detection products. It remains a “cat-and-mouse game” between the scammers and the information security industry.

If you’re taking a business trip, keep these four tips in mind:

  • Go secure: Don’t log in to corporate accounts over free public Wi-Fi hotspots. The information is vulnerable to interceptions.
  • Go paperless: Keep itineraries and travel documents on your password-protected mobile device.
  • Go humble: Don’t share travel dates and locations on social media. This information can be used by fraudsters for social engineering attacks.
  • Go quietly: Don’t talk loudly about business in public places like the hotel bar or on the train on the phone. You would be amazed at the information one gets just by listening. And be on the lookout for “shoulder surfers” – anyone glancing over your shoulder to steal information.

Go share the news: