Quick guide to phishing and fraud - Sabre Travel Network

Quick GuideGuarding AgainstPhishing and Fraud

What are phishing emails?Phishing is an attempt to acquire sensitive information by masquerading as alegitimate business. A phishing email often includes recognized graphics orlogos. It may look legitimate, but almost always connects to fraudulent systems.Often, the goal is to get the victim to enter credentials, and oftentimes, victimsaren’t aware that they’re being scammed.Phishing exampleand why it’sfraudulentNote that fraudulent emails may use references or logos of products that are no longeractively marketed, i.e. MySabreSome emails may contain “footer” information with faulty information, such asnon-Sabre addressesWhen it comesto email,Sabre will never• Send you an email asking if you’ve used our system recently• Send you an unsolicited email notifying you to click on a link to change or “confirm”your password1

Steps you cantake to protectyourself againstphishing emails1. Never log on (enter user name and/or password) to a site with an emailed clickthroughlink.2. Bookmark your trusted login sites and access them only through your bookmark,or by manually typing in the web address if you’re concerned about a possiblyfraudulent link.3. Sign in through a secured method and change your password as a precaution4. If you receive a suspicious email that looks like it comes from Sabre, report theincident to the Sabre Help Desk immediately5. Try the “Mouse Over” trick to see the actual link.phishing emailscan even looklike thisPhishing emails are getting more sophisticated, and the emails they send often looklegitimate and use real grahpics.2

Password safetyWhen it comesto passwords,Sabre will never• Ask you for your password• Have a third-party company ask you for your passwordSteps you cantake to protectyour passwords1. Change your passwords regularly.2. Make sure your password is difficult for someone else to guess.3. If you receive a call from someone wanting your sign-on and/or password, do notprovide your credentials.4. Obtain the caller’s contact information and report the incident immediately to theSabre Help Desk.5. Advise the Help Desk agent that you are calling to report a potential invalid requestfor credentials.6. Avoid using the same password for multiple accountsUnauthorized ticketing• Regularly review ticketing queues, including weekends and holidays, and reviewbookings daily, including weekends and holidays, to validate that they are legitimatecustomers.• Look for tickets that are not “yours” – high-dollar, international cash (sometimescredit) sales – usually with an itinerary including points in Africa (most commonlyABJ or CMN). And if your business model includes high-dollar valued tickets toABJ/CMN, you may want to specifically review passenger names.• Disable employee accounts immediately upon termination of employment.• Annually audit active user accounts and adjust access as necessary.• Restrict a user’s level of access to only what is necessary to perform their job.• Require passwords to log into the workstation/laptop and force password changesat least every 90 days.3

General precautionsWhen it comes togeneral security,Sabre will never• Request private information from you regarding your clients or your bookings.• Send anyone to your office to repair equipment or ask you to send us yourequipmentSteps you cantake as a generalprecautionagainst fraud1. Always use designated protected fields for sensitive data like credit card numbers.2. If you receive unsolicited requests for office visits, do not allow these individualsaccess to your office or your Sabre records.3. If you receive a suspicious call requesting access to your data or Sabre records,immediately contact the Sabre Help Desk at your usual number and advise the HelpDesk agent you’re reporting a suspicious activity.4. Try to obtain the suspicious individual’s contact information to report and, ifwarranted, report the incident to local law enforcement.5. Position workstations so visitors can’t see your screen.6. Use a privacy filter on your monitor.7. Use password-protected screensavers when you step away from your desk.8. Keep faxes and print copies away from visitor access.9. Always ask…”Shred or Trash?”WHERE CAN IFIND ADDITIONALINFORMATION TOPROTECT AGAINSTEMAIL PHISHING?Log into Agency eServices. You’ll find:• News stories / bulletins on email phishing and recent incidents• Visit Support > Additional Resources > Agency Security for helpful articles andphishing examples• Visit Training > Quick References> “Agency Administration and Security”, “GlobalSecurity”, “PCI Compliance” and “Security” for tips on a variety of agencyactivitiesSabre, Sabre Travel Network, the Sabre Red App Centre and the Sabre Travel Network logo are trademarks of an affiliate ofSabre Holdings Corporation. (C) 2013 Sabre Inc. All rights reserved. TN-13-15992 01/134