Valued Berwick Travel client;
We just wanted to bring to your attention an issue one of our clients had this past week. They were subject to a “phishing” attempt, whereby a third party tried to spoof one of our email addresses to request an additional payment. This may have been an isolated attempt, but we wanted to reach out to everyone currently booked with us to give you a heads-up on what to look for.
Phishing scams are not hacks or breaches. These scam attempts are typically fraudulent email messages appearing to come from legitimate enterprises. They usually direct you to a spoofed website or otherwise get you to divulge private information (e.g., passphrase, credit card, or other account updates). The perpetrators then use this private information to commit identity theft or credit card fraud. If you do not respond/engage/divulge information to them, you and your credit card information are not at risk. However, clicking unusual links, using a third party website for entering credit card information, or calling an unfamiliar number to give credit card information, is unsafe.
Some important notes and what to watch for:
• The email address may appear to be ours (“firstname.lastname@example.org”), but if you look closely at the header, it’s only the name that shows that; the email address itself will be significantly different (such as “email@example.com”).
• The email text itself will look different from your normal email conversations with your Travel Consultant, and may be poorly written (e.g. “we apologize ones more for any inconvenience causes this is to ensure a seemless reservation”), indications of foreign origin or computerized bot.
• The email may ask for additional payment to make sure your reservation does not cancel. Berwick Travel has very specific and transparent payment terms. Only a deposit is needed; no other payments are required until your listed final payment date on your invoice. Only a change to a reservation requested by you (adding airfare, rebooking on a limited time promotion) would ever need an additional payment.
• Phishing scams attempt to redirect recipients to another form of submitting payment, such as direct deposit, wire transfer, or phone call to a call center (e.g. “make final payment that means the remaining 50% but not online with the credit card but into our bank account.”). With Berwick Travel, everything is handled personally by your Travel Consultant or our Office Manager and the only page you should use for submitting payment is on our site (www.berwicktravel.com), or by calling in to our office; no other phone numbers or links.
If you are in doubt about the veracity of a message you receive from your Travel Consultant, do not reply to that message, and do not click any links contained within it; create a brand new email to your Travel Consultant, or call them directly. Replies to a scam message will go to the phisher, not to your Travel Consultant. If you have received any suspicious looking messages, please forward them to us at firstname.lastname@example.org or review directly with your Travel Consultant.
Some additional information on phishing and tips for avoidance can be found here: http://www.phishing.org/10-ways-to-avoid-phishing-scams