Kindly be informed that MATTA received email from Sabre pertaining to Phishing emails.
Phishing emails is a known threat that we discovered since last year and Sabre keep reminding their partners to be prudent in recognizing this threat.
To ensure each user is aware about this, below message will be prompted once consultant entering Sabre Central (self-help portal). And should they wanted to view a comprehensive list of the Phishing emails we’ve compiled so far. Alternately they can also follow this path: Home/Support/Additional Support Resources.
Please read the notification from Sabre as below for more information and details:
As we continue to partner with you to help you protect your business, we are sharing a few reminders about potentially harmful emails. It is important to remain diligent and incorporate best practices into your day-to-day processes. Clicking on links contained in emails, images, or websites could result in loss of personal data, grant access to your device (without your knowledge), or compromised credentials to business, financial or personal applications.
General agency security guidelines & incident reporting:
NEVER share your credentials (login & passwords) with anyone. Remember that Sabre will never ask for your credentials under ANY circumstances (by email, phone, or in-person). If you suspect your Sabre sign-in credentials have been compromised, validate all bookings and tickets issued, and report immediately if in question.
Phishing emails may reference updating security, products or features as seen in the more recent emails, as well as updating your password or credentials.
When in doubt, do NOT click on links contained in the email. (It is always best to go to your known saved links rather than clicking on links in emails.)
Check the sender’s email, as bad actors will attempt to mimic a trusted source's domain name to trick the user into accepting the email as trustworthy. Look for variations that may be different than the trusted source; it may be off by one character.
Protect all your devices by installing good anti-virus and malware detection software.
Use caution when clicking on links or opening attachments from an unknown or suspicious sender.
Report the suspicious activity via Sabre Central (Home > Support > Agency Security > Unauthorized Activity). Provide as much detail as possible and include a copy of the suspicious email if you still have it. Please attach the email rather than forward, so that our security team can analyze the message headers.
What to do if you have been a victim of a phishing email
In the event you have received a phishing email, clicked on the link, or opened a suspicious page on the internet, please perform the following steps immediately:
Run malware and or anti-virus scans. Ensure you have good anti-virus and anti-malware software installed.
Review recent downloads — look for unknown files.
Review browser history — check for unusual pages/domains.
Change all passwords managed on the device (see steps below).
Report incident via Sabre Central > Support > Agency Security > Unauthorize Activity.
How can I change my password?
You can change your Sabre password by accessing the Sabre system (Sabre Red 360) or from the Sabre Central site.
To change your password from the Sabre system, type the command SI*(EPR)-(PCC) in the command box. This will open a pop-up to enter your credentials > click on Reset Password > provide both current and new passwords.
To change your password in Sabre Central, access your profile at the top right-hand side > click Account Settings > Change my Password which will request EPR and PCC details > provide both current and new passwords.
What happens if I get locked when changing my password?
In case you get locked due to invalid sign-in attempts, you can reset your password with your previously defined “Security Questions and Answers” by clicking on “Forgot my password.” Contact CREATE or PASRES colleagues at your agency.
If after attempting these options you still require assistance, please send an email to the Helpdesk at firstname.lastname@example.org and include the following details – full name, PCC, agency name, agent ID/sign in, and valid phone number.
NOTE: Phishing is the attempt to acquire sensitive and personal information from unsuspecting individuals, usually for malicious reasons, by disguising as a legitimate institution in a form of communication, such as email.
Please be guided.
SHAZLI AFFUAT GHAZALI
Vice President Air Transportation
Term 2021 - 2023