How to protect yourself from fraud
Recognise and prevent fraud with corporate cards
Phishing, vishing, smishing, and the like are popular scams in which fraudsters pretend to be from a bank, credit card company, or other trusted organisation.
The sole purpose is to obtain personal information such as login credentials, passwords, and account numbers to use with fraudulent intentions.
Recognise and prevent fraud with corporate cards
If you receive a call, email, or text message about AirPlus or any other trusted organisation that you think may be from a fraudster, please remember the following:
Under no circumstances should you disclose your card number, card PIN, one-time passwords, login credentials and passwords, or complete ID card data.
If you believe that your AirPlus card information has been misused or is being compromised, contact AirPlus Customer Service immediately at the number on the back of your card. This helps us limit your risk of fraud directly.
Current approaches to common scams
Fraud by email (phishing)
Email phishing is an attempt by fraudsters to trick you into revealing private information. Scammers often pretend to be from parcel delivery service providers, banks, credit card issuers, the government, or other reputable organisations to acquire your card information.
You can recognise phishing emails by the following obvious signs:
- Impersonal greeting in the email, without mentioning the recipient's name.
- The email is sent from an unknown address or uses the company name of the alleged sender only in or as part of the subdomain or suffix of the sender's email address (e.g. www.xyz.com, airplus.xyz.com or xyz.com/airplus).
- The embedded link refers to a fraudulent webpage that does not belong to the airplus.com domain, where you are supposed to log in or enter personal data.
- In the URL bar, the internet address shows the name of the company together with an unusual combination of numbers. It is most likely that this is a fake internet address.
Check carefully whether an email is genuine
Fraud by phone (vishing and spoofing)
Vishing is a form of phishing that uses voice and telephony technologies to extract your personal details to use for fraud. It usually requests your urgent action.
If you receive a phone or video call from someone who claims to be from AirPlus and asks you to confirm a verification code or for a one-time password you received by text message (SMS) or email, it is most likely fraudulent.
When vishing, scammers may impersonate their own phone number as that of AirPlus. This practice of concealing a telephone number is called spoofing.
One-time passwords (OTP) are verification codes that can be used to complete an ecommerce transaction, add card details to a smartphone (digital wallet, Apple Pay, and Google Pay), or access the AirPlus Business Travel Portal.
Fraudsters take advantage of this: They claim they need your OTP as verification code to confirm your identity or protect you from suspicious activity on your account. In reality, they use it to authorise fraudulent transactions.
AirPlus will never ask you for a one-time password or verification code by phone!
The verification codes that AirPlus sends by email or SMS must never be passed on to third parties. They may only be entered personally in the log-in or verification masks on your own personal devices.
Prevent fraud caused by vishing and spoofing
Fraud by SMS and text messages (smishing)
Similar to telephone scams, fraudsters can send you a text message pretending to be from AirPlus, parcel delivery service providers, or other well-known organisations. The fraudulent text message often looks deceptively genuine.
How to recognise fraudulent SMS or text messages
- The content may give you a warning or alert and ask you to take immediate action to avoid consequences.
- The message may contain spelling or grammar mistakes.
- The text contains a link and asks you to click on it.
- The embedded link leads to a fraudulent webpage that does not belong to the airplus.com domain, where you are supposed to log in or enter personal data.
Be suspicious of text messages (SMS)
QR codes as gateway for fraudulent websites (quishing)
Fraud using QR codes, often referred to as QR code fraud or quishing, is a type of scam where fraudsters use quick response (QR) codes to deceive individuals into revealing personal information, financial details, or unwittingly transferring money.
QR codes can be used for a variety of scams
Fraudsters may create QR codes that direct users to phishing websites.
QR codes can lead users to download malware or spyware. Once installed, this software can steal information from the user's device, track their activity, or even lock the device and demand a ransom.
Scammers sometimes replace legitimate QR codes (like those used for mobile payments in stores or restaurants) with their own. When a victim scans the fraudulent QR code to make a payment, the money is transferred to the scammer instead of the intended recipient.
Scammers may distribute QR codes that supposedly lead to websites offering prizes, discounts, or exclusive deals. These are designed to harvest personal information or trick users into making payments under false pretenses.
Fraudsters may send QR codes via email, social media, or even print them on flyers and posters. Unsuspecting individuals might scan these out of curiosity, leading them to malicious websites or downloads.
To protect against quishing, it's important to:
- Avoid scanning QR codes from unknown or untrusted sources.
- Check the URL that the QR code directs to before entering any information or downloading anything.
- Keep your mobile device's software and security features up to date.
- Use reputable QR code scanning apps that can check for malicious links.
- Be cautious of QR codes attached to unsolicited emails, messages, or printed materials.
Being aware of these risks and exercising caution when scanning QR codes can help prevent falling victim to such scams
Social engineering
Social engineering is a method of manipulating individuals to gain access to sensitive information, systems, or physical locations. It involves psychological manipulation rather than technical means, relying on human interactions and the tendency of people to trust one another. This also includes the famous romance scam.
In this scam, fraudsters pretend to be trustworthy people and exploit the willingness to help and the trust of their victims.
They use these means to deceive individuals or groups into divulging confidential information, performing actions, or providing access that they normally wouldn't.
Don't be too trusting
By staying vigilant, being skeptical of unsolicited requests, and following security best practices, you can significantly reduce your risk of becoming a victim of fraud.
Effective ways to protect yourself from fraud
Be cautious of emails, messages, or calls requesting personal or sensitive information.
Verify the legitimacy of requests by contacting the organisation directly using official contact information.
Be skeptical of unsolicited communications, especially if they claim to be from a trusted source.
Verify the identity of individuals making requests for sensitive information or who ask you to take immediate actions.
Be cautious when someone creates a fabricated scenario or exerts massive pressure to obtain information or access.
Verify the legitimacy of the situation with others before sharing sensitive information.
Avoid clicking on suspicious links or downloading files from untrusted sources.
Stay informed about common social engineering tactics and scams.
Educate yourself and others about the risks and how to prevent them.
If you receive an unexpected request for sensitive information or actions, verify it independently before responding.
Use official contact information rather than responding directly to the request.
Use strong, unique passwords for different accounts.