PUNE: Travel agencies appear to have become soft targets of cyber criminals of late.
Two travel firms of the city were recently duped of Rs 7 lakh and Rs 1 crore after they booked online tickets for fraudsters abroad. A source from the industry revealed the chilling fact on Saturday.
The fraudsters allegedly send the target travel agency a mail faking the email address of a known corporate client travel coordinator (a corporate firm that the agency has a tie up with). They request the agency in the email to issue air tickets for the coordinator's overseas counterpart, forwarding an email purportedly received from the latter.
The fraudsters allegedly use email addresses almost identical to the purported corordinator's overseas counterpart. Unless the potential victim is highly vigilant, it is difficult to differentiate between a genuine email address and a fake one. For instance, if the original email address is firstname.lastname@example.org, they send mails having the address email@example.com.
The travel agencies easily fall prey because they often dealt with the firms' India office. Both the travel company concerned and the India office making the referral are taken for a ride.
Several travel companies in the country have been duped in this manner, prompting the Travel Agents' Federation of India (TAFI) issue a precautionary circular to all federation members, explaining how the fraud works.
Among other things, the circular brought to their attention that the fake email is likely to give "revamping of the company's global travel desk" as an excuse for ticketing with the local travel agency.
It added that in one case, the travel agency got suspicious wondering as to why all tickets requested were for immediate travel for group movements and why the director of a multinational company had called for the tickets himself. It was then discovered that the email was fake.
The Pune chapter of the Travel Agents' Association of India (TAAI) is also in the process of roping in cyber crime experts to make travel companies aware of such frauds.
Speaking to TOI, a representative of one of the victim agencies, said, "The fraudster had studied the corporate firm with which we have a tie-up beforehand. The firm also has an office in the UK. The fraudster impersonated the firm's UK-based travel coordinator, created a mirror email address replicating its official email address and sent an email to the firm's travel coordinator in India, winning his confidence." The India travel coordinator then got in touch with the travel agency and requested it to book several expensive tickets for people in the firm's UK branch. "We did just that, as we trusted the India travel coordinator, with whom we had old ties," the victim added.
Only recently, another travel company in the city received such a call, but its owner somehow thought it could be be a trap. Mehboob Shaikh, the director of Travel Elect Pvt Ltd, recounted his encounter with the fraudster, who called himself 'John Jackson'.
"We deal with multinational companies having offices abroad. Hackers know this and research the multinational firms extensively, through which they get to the travel agency in India. In my case, the firm's travel coordinator in India called me to tell me that I would get a call from the UK head of the firm, Mr Jackson. I smelt a rat and waited for 'Jackson' to call me," Shaikh said.
When 'Jackson' called Shaikh from a UK number after a few hours, Shaikh quizzed him extensively. "I asked him why he should be calling me so early, at 7:30am UK time, and the firm's travel coordinator in India at 3:30am UK time. I also asked him why he was booking tickets for his employees when he was the company's head," said Shaikh. The fraudster then hung up.
Travel companies claimed that ticket requests were usually for third-world sectors, such as from one African country to another in Europe. The travel time requested is usually within a few hours. Also, the requests are for business or first-class tickets.
Sources claimed one of the two victim agencies from the city had filed a police complaint recently.
G Krishna, the chairperson of the Pune chapter of TAAI, said, "We are now approaching cyber crime experts to create awareness about how to identify such fraudulent calls and emails. Soon, we will organise an awareness session."