Virtual Product Fair Protect your agency data protect your business October 2011
2 Are you doing all that you can to protect your business?
Agenda Background Fraudulent activities Sabre actions Steps you can take 3
Background Forms of fraud Over $40M was stolen from small businesses in 2009. The FDIC says this has grown to $200M in the last 12 months 4
Phishing Phishing emails can be difficult to recognize as they often include recognized graphics or logos that appear to be connected to legitimate websites Sample Links look legitimate and are designed to entice recipients to login to fraudulent systems Instead, the links take you to phony scam sites or legitimatelooking but fraudulent pop-up windows 5
Phishing examples Source: https://www.bankofamerica.com/privacy/control.do?body=fraud_demo_popup 6
Phishing examples 7 Source: www.bellsouth.com/residential/fraud_examples.html
8 Phishing example
9 Phishing example
Phishing example An example of a phishing email received from one of our customers 10
Phishing Sabre will never... send you an email asking if you ve used our system recently send you an unsolicited email notifying you to click on a link to change your password. 11
Phishing Steps you can take Never log on (enter user name and/or password) to a site with an emailed click-through link Bookmark your trusted login sites and access them only through your bookmark, or by manually typing in the web address Manually type the website address into your Internet browser, if you re concerned about a possibly fraudulent link, Sign in through a secured method and change your password as a precaution 12
Phishing Steps you can take If you receive a suspicious email that looks like it comes from Sabre, report the incident to the Sabre Help Desk immediately 13
Passwords Always keep your Sabre password private Your Sabre password is for only you to know Do not disclose or share your Sabre password with anyone, including others within your agency or branch locations Do not write your password down or store it where someone can access it 14
Passwords Sabre will never... ask you for your password have a 3 rd party company ask you for your password 15
Passwords Steps you can take Change your Sabre password regularly Make sure your password is difficult for someone else to guess If you receive a call from someone wanting your sign-on and/or password, do not provide your credentials Obtain the caller s contact information and report the incident immediately to the Sabre Help Desk Advise the Help Desk agent you are calling to report a potential invalid request for credentials Avoid using the same password for multiple accounts 16
Passwords Steps you can take If you receive a call from someone wanting your sign-on and/or password, do not provide your credentials 17
EPR Keywords and Ticket Safe Review your employee EPR keywords Employee Profile Record (EPR) keywords control your employees access to the Sabre system Your agents should have only the keywords necessary for their roles in your agency Every employee is unique and doesn t need the same keywords. Use Ticket Safe to open and/or close the ability to issue airline tickets outside of office hours 18
EPR keywords and Ticket Safe Sabre will never... contract with a 3 rd party to adjust your EPR keywords request private information from you regarding your clients or your bookings 19
EPR keywords and Ticket Safe Steps you can take Review EPR Quick Reference guide to understand keywords available to help manage your business Review your agents EPR keywords quarterly to ensure each employee has correct access for their role in the agency Increase new staff keywords over time and monitor their initial use of high risk keywords for a short period Inactivate EPRs of former employees Permanently delete 1234 EPR if it still exists. 20
EPR keywords and Ticket Safe Steps you can take If you use a robotic application to manage electronic ticketing while your agency is closed, work with your after-hours call center to determine who is authorized to activate and deactivate ticketing 21
If your ticketing has been compromised Immediately report incidents to ARC or BSP VOID any potentially fraudulent tickets at once If ticket cannot be voided, contact the air carrier to advise of potential fraud Track and document all activities from the point fraud was identified and reported and throughout the investigation Report incident immediately to the Sabre Help Desk Advise the Help Desk agent you are calling to report potential fraudulent tickets Report the incident to local law enforcement 22
Protection Always use designated protected fields for sensitive data like credit card numbers Position workstations so visitors can t see your screen Use a privacy filter on your monitor Use password protected screensavers when you step away from your desk Keep faxes and print copies away from visitor access 23
Protection Steps you can take If you receive unsolicited requests for office visits, do not allow these individuals access to your office or your Sabre records. If you receive a suspicious call requesting access to your data or Sabre records, immediately contact the Sabre Help Desk at your usual number Advise Help Desk agent you re reporting a suspicious activity Try to obtain the suspicious individual s contact information to report Report the incident to local law enforcement 24
Protection Sabre will never... request private information from you regarding your clients or your bookings. send anyone to your office to repair equipment or ask for you to send us your equipment 25
1. Bookmark your trusted login sites and access them only through your bookmark, or type in what you know to be the legitimate website address 2. Sign in through a secured method (using a legitimate link to a Sabre site) and change your password if you have logged on to the Sabre site after clicking on a link you received recently 3. Review your agents Employee Profile Records (EPRs) to ensure that all employees have the correct level of access for their roles in the agency 1. Click on email links that require you to enter your login credentials. 2. Disclose login credentials to anyone claiming to be from Sabre. If someone calls your office asking for login credentials, do not provide this information. The Sabre Help Desk or others at Sabre will never ask you to reveal your login and password information. 3. Disclose or share login credentials with anyone else, including others within your agency or branch location 4. Put sensitive data, like credit card numbers, in designated protected fields in the PNR 4. Don t delay reporting fraudulent tickets 26
Questions? Refer to our Agency Security community for information on how to protect your agency from this type of fraudulent activity. eservices.sabre.com > Business Tools > Community > Agency Security Today s slides Top right hand corner of the home page between the words FindIt: Site Index and Search Index there is a box. Type VPF in the box and hit enter. Click on the Virtual Product Fair (VPF) presentation link on the next page and then scroll down to 2011 10 Virtual Product Fair 27