All employees can help to make it more difficult for criminal activities attempting to book travel through the University’s booking systems. Photo: mostphotos/Jaromir Chalabala.

2021-08-25

Criminals abuse the University’s travel system

By booking trips via the University’s booking system, criminals have managed to book tickets that have been used for smuggling people, weapons and drugs. But all employees can help to minimise this abuse of the system.

It's a sad fact that the University’s travel booking system has been utilised by criminals. Because criminals have been able to obtain codes, email addresses, telephone numbers, customer numbers and similar data, they have sometimes managed to book tickets that are used for criminal purposes and end up being paid for by the University.

“We know of a number of cases of smuggling people as well as weapons and drugs that have occurred using tickets issued in the name of the University,” says Marie Engegard, travel manager at the University Administration. “In some cases, we have even borne the costs. That money could, of course, be put to better use. So we need to work together to try to avoid this kind of fraud and identity theft.”

Multiple measures

“We take steps continuously to increase security and avoid fraud and identity theft.”

Some examples of these measures are that you need to be logged in to the Staff Portal to make a booking and that you need to contact Travel Support to change the name or email address in your passenger profile in the booking system. We are also bringing in automatic passenger profiles for all new employees when they are added to the HR system. We hope that this will be up and running during the autumn.

“These measures make it more difficult for criminals. But we also need all employees to help out, even if it sometimes means it's a bit more cumbersome to use the system than it might otherwise need to be. It is ultimately about stopping criminal activities such as human trafficking and other forms of smuggling.”

Report unknown travel confirmations

If you receive a confirmation email for a trip that you have not booked yourself, it is important that you report it to resesupport@uadm.uu.se.

“We report all attempts at illegal ticket bookings to the police. The police and Interpol are, of course, very interested in trying to arrest suspected criminals who are utilising our ticket booking system.”

Book trips for guests

Uppsala University has many incoming guests of course, and we often pay for their travel. It might seem easiest to let the guest book their own trip via our systems. But to minimise opportunities for criminals to abuse the system, it should be a University employee who makes the booking.

“Avoid giving access to incoming guests to make bookings themselves in our systems. The booking should go through an employee who is then responsible for the booking.”

Do not publish codes

Another problem that arises now and then is that different units publish procedures, codes and information from documents of value such as passports for travel bookings on websites that are not secure (no padlock in the browser URL line).

“Do not publish this type of information. Instead link to the Travel pages on the Staff Portal.

The Travel pages on the Staff Portal are secure for precisely this reason and you need to log in to be able to access them.

Anders Berndt

Six things you can do to help thwart criminal activity

Take note if you receive a travel confirmation email to your University email address if you have not booked the trip. Report it immediately to resesupport@uadm.uu.se.
Avoid giving access to incoming guests so that they can make bookings themselves in our systems. The booking should go through a University employee who is then responsible for the booking.
Travel bookings for a guest must not be made over the phone. The booking must be emailed from a personal University email address. You can email first saying you that you want to call them for assistance.
An email confirmation of a business trip must always go to a personal University email address – not to a function email address.
Never publish information from documents of value such as customer numbers, special e-mail addresses, telephone numbers or other information that could lead to unauthorised people being able to use the University’s travel booking system.
If you need to provide information about how to book travel, send a link to the Travel pages on the Staff Portal.

Read more about travel booking on the Staff Portal.

Filtration