NEWS 1
Travel firms need to be on the lookout for a new form of cybercrime
YOU NEED TO KNOW
AT A GLANCE How the scam works
l The email recipient will be someone who normally makes payments on behalf of the business, eg the financial controller.
l The email requesting a payment be made will be from a plausible source, such as the head of sales.
l The sender is likely to be out of the office when the request is sent.
Travel firms told: Beware ‘nasty’ new email fraud
Amie Keeley
amie.keeley@
travelweekly.co.uk
A travel industry anti-fraud group has warned of a new form of cybercrime threatening the sector.
Three companies, including
a national business, have been recent targets of ‘payment request’ fraud, with one losing an entire season’s profits in a single transaction. However, industry anti-fraud
group Profit warns the scam, which first came to light last year, is likely to be much more widespread with many travel firms failing to report incidents. A typical fraud attempt involves
an email to the finance or HR department which appears to be
from a senior member of staff and requests a payment be made on behalf of the business. The staff member whose email
address has been used for the fraud is typically out of the office when the request is sent. One Sheffield-based travel company lost £15,000 from the scam earlier this month. Its joint managing director, who asked to remain anonymous, received an email from her counterpart saying they needed a payment to be carried out and asked what details they should send over. She said: “The email address
was the same and it was a totally normal question to ask so I didn’t think anything of it. “The request came back asking
to transfer £14,850 to a particular person with their bank details.
4
travelweekly.co.uk 18 February 2016
“This scam is very easy to fall for and could severely damage a small travel business”
“When I spoke to them [my colleague] later over the phone, I asked what the payment was for and they asked ‘what payment?’” The company reported the scam
to the police and to Profit. It’s still waiting to hear from its bank whether it will recover the funds. Profit chairman Barry Gooch
said two other travel companies, one of which has been targeted three times, managed to avoid falling for the scam. He said:“This scam is
l The scam email request is likely to contain: the recipient’s name, address and account number; the payment amount; the recipient’s bank name, address, sort code and reference number.
l If you are a victim, contact your bank, report it to the police through Action Fraud and inform Profit.
particularly nasty because it looks like it’s internal so it’s very easy to fall for. It could severely damage travel companies and even take them under, especially as a lot are small businesses.” Gooch said perpetrators carry
out ‘phishing’ attacks or scrape email addresses then ring a targeted company to check who is in the office. Profit is urging companies to
make staff aware of the fraud and remind them not to open suspicious emails which could allow a phishing attack. Companies should also ensure
virus protection is up to date and make sure staff check before paying out-of-the-ordinary requests by speaking to the person concerned on the phone or face to face.
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48 |
Page 49 |
Page 50 |
Page 51 |
Page 52 |
Page 53 |
Page 54 |
Page 55 |
Page 56 |
Page 57 |
Page 58 |
Page 59 |
Page 60 |
Page 61 |
Page 62 |
Page 63 |
Page 64 |
Page 65 |
Page 66 |
Page 67 |
Page 68 |
Page 69 |
Page 70 |
Page 71 |
Page 72