A NEW scam has seen at
least two big corporate
travel agencies targeted
by an international syndicate,
and losing a significant
amount of money.
Christo Snyman, director of
forensic services of Mazars,
an audit, accounting and
consulting firm, says that
corporates in South Africa are
being contacted by someone
purporting to be from their
international office – in the
most recent incident the
individual called from the
UK – claiming that their travel
agency is experiencing some
technical problems and asking
if the South African branch
could assist with some travel
arrangements.
In the latest incident, the
fraudster called the PA of
the South African office’s
president, who put him in
touch with their corporate
travel agent, who wishes to
remain anonymous as an
investigation is currently
under way.
The scam artist made
flight bookings with a credit
card that was authorised by
the bank – he sent through
copies of the credit card as
well as passport and other
information. He even used
an email address that
matched the company’s
domain name. Everything
seemed legitimate to the
travel agent, Christo says.
However, over subsequent
weeks, the travel agent
became suspicious as the
UK “employee” started
sending numerous credit card
details to book the flights,
all of which included West
African destinations. She then
contacted the UK office to
confirm whether the individual
was employed at the company
and whether he was correct
in requesting these travel
arrangements.
The agent discovered that
the person requesting the
bookings was not employed at
the UK branch. She contacted
the airlines and cancelled the
remaining flights, but many of
the sectors had already been
flown. The agency stands to
lose up to R1,9 million.
Christo says these
syndicates set up “bogus”
travel agencies and collect
money from their clients, who
likely pay in cash. They then
use compromised credit card
information to book the flights.
He says that for this to
be possible, the fraudsters
would have to have inside
information to know that the
agency had a relationship
with the corporate client.
He says they obtain this
information through a contact
at the client company, through
spyware or malware, or from
finding documents with this
information. He also says they
can easily use illegal sites
that are found through search
engines to send emails from
fake domain names in order
to look legitimate.
When the holders of the
credit cards used for the
fraudulent purchases dispute
the charges, the banks will
refund the clients and claim
the money from the merchant
(i.e. the travel agent).
Christo believes that not all
the blame should be laid on
the agent as the corporate
referred the business to the
agency. He says the client
should take on some of the
responsibility and cover some
of the money lost.
Don’t be a victim
How can agents avoid
falling victim to this type of
scam? Christo advises that
agencies scan all staff PCs
for spyware on a monthly
basis and that all employees
change their usernames and
passwords regularly. He says
all documents should be
destroyed properly through
shredding to protect client
information.
Christo adds that agents
should inform their corporate
clients of this scam so that
they won’t be caught unaware.
Also, if agents are contacted
by an international company
representative, he says it’s
a good idea to follow up
with a phone call to verify
the information. “Don’t trust
that an email is legitimate
just because it reflects the
company’s name,” he says.
Other red flags include one
person being in possession
of multiple credit cards and
requesting indiscriminate
routings (particularly for West
Africa), he says.
Although in this instance
the agent was referred by
her client, Christo knows of a
similar case a few months ago
in which the travel agent was
contacted direct.
