Recognizing and preventing social engineering fraud in corporate travel

April 7, 2017 Mark Dauner

It seems that we can’t go a single day without reading stories of hacking and fraud in the news. Retail stores, financial institutions, hotels and many other businesses seem to be subject to new hacks and intrusions all the time. While many hacks are the result of exploited vulnerabilities in electronic systems, any competent hacker will tell you that the most successful hacks often involve a social component - using human nature to find out information about a person or business and then exploiting that knowledge to commit fraud. This is commonly referred to as social engineering. 

Travel and Transport is part of a fraud protection committee with Airlines Reporting Corporation (ARC), which is an organization owned by the major U.S. airlines that provides settlement services between air carriers and travel management companies. Through our partnership and collaboration with ARC, we were alerted to the fact that fraudsters have become much more sophisticated in researching companies online and employing social engineering tactics such as calling corporations to obtain specific details from internal personnel about their travel program. Targets of such calls could be anyone from the switchboard operator, to employees in key departments (which are often easily found online) to the corporate travel manager. They learn about corporate locations around the world, organizational protocols, culture, etc. as well as airline ticketing procedures and travel terminology. They then use the “company speak” and “travel speak” they’ve acquired to pass themselves off as employees and persuade real employees to unknowingly help them with their exploits. 

Travel and Transport works closely with ARC and has protocols in place to deal with fraudulent activity. We actively educate our travel counselors on the strategies of fraudsters and how to identify red flags, however, it’s important to keep in mind that hackers and con artists constantly enhance their tactics to stay ahead of getting caught and will often directly target corporations first to obtain the information they need. Being vigilant and working together as a corporate travel community to ensure the identities of travelers, to verify the information they provide and to be mindful of the information we’re providing to them can go a long way to stopping fraud before it even starts. 

Click here for more information on ARC’s fraud prevention initiatives as well as best practices for identifying and preventing fraud

Click here for Interpol’s guide to preventing social engineering fraud

Previous Article
Five reasons that vacation steal isn’t a good deal
Five reasons that vacation steal isn’t a good deal

Some vacation deals can seem too good to be true. Here are a five things to look out for that indicates tha...

Next Article
Entry requirements for U.S. citizens traveling to Canada on business
Entry requirements for U.S. citizens traveling to Canada on business

U.S. business travelers must meet certain requirements for entering Canada from the United States. In addit...

Travelers: Get Dash Mobile for iOS and Android.

Learn More