IATA Fraudulent Emails Warning
If you have any questions concerning this document, kindly send your queries to
[email protected]
Email Fraud Techniques
Many types of fraud exist, and email is an inexpensive and popular method for distributing fraudulent messages to potential victims. Approximately 90% of all email sent worldwide is spam, spoofing or phishing.
Some of the most common fraudulent messages are non-monetary hoaxes or non-monetary chain mail. Treat these as you would any other spam. However, if you receive an email message that appears to involve payments, or asks for personal information such as login IDs or passwords, do not respond.

Do not give out private information, reply to text messages, download or open attachments, or click on any links in emails you are not sure are genuine.

Several attempts have been made to obtain payments from users of IATA products and services. The most common technique is the use of fraudulent emails, with or without fake invoices attached. Additionally, some attachments to fraudulent emails have been found to contain malware.

Methods employed generally include elements of the following:

1. The fraudster contacts users under a false name, sometimes similar or identical to the names of IATA officials, seeking payment for products or services and/or claiming payment for outstanding amounts due. Addresses seen in such messages include:
[email protected]
[email protected] reply to [email protected]
Please refer to our website for an updated list of the most used fraudulent email addresses.
2. The fraudster uses a technique which allows the name of the true sender of an email to be masked, so that the email appears to have been sent from a valid IATA address like [email protected]. In such cases, the fraudster asks the recipient to reply to another email address, such as [email protected].

3. The fraudster uses forged documents bearing the official IATA logo, most likely copied from the IATA website. These can appear to be legitimate invoices.

4. The fraudster's email may suggest clicking on a link. After clicking on the link, the user is taken to a fake IATA website that requests your login details, the purpose of which is to steal your login details.

Situation 1: Fraudster calling IATA customer
Company C received a fraudulent email offering a discounted Strategic Partnership membership renewal for the following year. After responding to the fraudster with a request to proceed, Company C received an email with a fake IATA invoice attached. The invoice included bank account details in Indonesia. The email requested that Company C send confirmation of payment via email.
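The masking in method 2 leaves traces in the message headers that a mail client hides behind the display name. The following Python script is an added example, not IATA's own tooling: it parses a raw message and reports the From / Reply-To / Return-Path mismatches described above. The sample messages are constructed for illustration, with example.net standing in for the fraudster's domain and iata.org treated as the genuine domain as stated in the FAQ below.

```python
"""Flag the sender-masking pattern (method 2 above): the From header shows an
@iata.org mailbox or an IATA-looking display name, but the reply or bounce
address goes elsewhere.  Added example, not IATA's own tooling; the sample
messages are constructed and use example.net for the fraudster's side."""
from email import message_from_string
from email.utils import parseaddr
from typing import List

# Per the FAQ on this page, genuine IATA mail comes from @iata.org or one of
# its subdomains (info.iata.org, updates.iata.org, bsplink.iata.org, ...).
LEGIT_DOMAIN = "iata.org"


def domain_of(header_value: str) -> str:
    """Lower-cased domain of the first address in a header value, '' if none."""
    _, addr = parseaddr(header_value)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")


def is_iata_domain(domain: str) -> bool:
    """True for iata.org itself and any of its subdomains."""
    return domain == LEGIT_DOMAIN or domain.endswith("." + LEGIT_DOMAIN)


def spoofing_indicators(raw_message: str) -> List[str]:
    """Return the reasons a raw RFC 5322 message looks like IATA sender spoofing.

    An empty list means none of these checks fired; it is not proof that the
    message is genuine (a fraudster may control the whole sending domain).
    """
    msg = message_from_string(raw_message)
    reasons = []
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)

    # 1. Display name says "IATA" but the mailbox is on a public or unrelated domain.
    if "iata" in display_name.lower() and not is_iata_domain(from_domain):
        reasons.append(f"display name {display_name!r} is on non-IATA domain {from_domain!r}")

    # 2. From shows iata.org, but replies are redirected elsewhere (the masking technique).
    reply_domain = domain_of(msg.get("Reply-To", ""))
    if is_iata_domain(from_domain) and reply_domain and not is_iata_domain(reply_domain):
        reasons.append(f"From is on {from_domain} but Reply-To is on {reply_domain}")

    # 3. From shows iata.org, but the bounce address (Return-Path) is elsewhere.
    bounce_domain = domain_of(msg.get("Return-Path", ""))
    if is_iata_domain(from_domain) and bounce_domain and not is_iata_domain(bounce_domain):
        reasons.append(f"From is on {from_domain} but Return-Path is on {bounce_domain}")

    return reasons


# Constructed sample: the masking technique from method 2 above.
SPOOFED_REPLY_TO = """\
Return-Path: <bounce-1234@mail.example.net>
From: IATA Finance <finance@iata.org>
Reply-To: IATA Finance <iata.finance.dept@example.net>
Subject: Outstanding invoice - new bank details

Please remit the attached invoice to our new account.
"""

# Constructed sample: IATA name on a public mailbox, no masking at all.
PUBLIC_MAILBOX = """\
Return-Path: <iata.accounts@example.net>
From: IATA Accounts <iata.accounts@example.net>
Subject: Membership renewal

Reply to confirm.
"""

# Constructed sample with consistent iata.org headers.
CONSISTENT = """\
Return-Path: <finance@iata.org>
From: IATA Finance <finance@iata.org>
Subject: Invoice

See attached.
"""

if __name__ == "__main__":
    for label, sample in [("spoofed", SPOOFED_REPLY_TO),
                          ("public mailbox", PUBLIC_MAILBOX),
                          ("consistent", CONSISTENT)]:
        print(label, "->", spoofing_indicators(sample) or ["no indicator"])
```

Run it over the raw message text obtained with the header-export steps in the "Report a Possible Fraud" section. A clean result only means these three header fields agree; verification of any payment request still has to go through Information Security or a known IATA contact, never through the addresses in the message.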
Being able to recognize fraudulent emails can help prevent you from becoming a victim.
Following are examples of some emails received by users of IATA products and services.
Example No. 1: Fraudsters spoofing a genuine IATA address.

Example No. 2: Reference made to payment into a different account.
Sometimes, these emails are accompanied by a fraudulent invoice. The invoice appears at times to be
based on a genuine IATA or Strategic Partner invoice.
Fraudsters have been able to make these look reasonably authentic: some recipients of the first email queried the existence of outstanding amounts and provided the fraudster with a copy of a genuine invoice that had already been paid, which gives the fraudster an appropriate invoice style and content.
Fraudulent invoices in the past have included charges relating to IATA Ground Handling Council
membership fees, designator fees, discounted Strategic Partnership memberships, and prefix code
retainer/administration fees.
The fraudster indicates in the emails or on the invoices that new payment arrangements are in force
and that the payment requested (or simply future payments where the approach is generic in style)
should be made to a new bank account.
Bank accounts with the following financial institutions have been used by fraudsters recently; however, if a bank is not listed here, it does not necessarily mean that an account at that bank is a legitimate IATA account.
United Kingdom: Royal Bank of Scotland, Santander UK PLC, Natwest Bank, Halifax Bank, TSB Bank
PLC, Barclays Bank PLC, National Westminster Bank, Bank of Scotland PLC, Metro Bank, Clydesdale
Bank, Guaranty Trust Bank (UK) Limited, HSBC Bank PLC, Lloyds Bank PLC, The cooperative Bank
PLC, Bank of Ireland (UK) PLC, Yorkshire Bank
United States: Bank of America NA, Regions Bank, Wells Fargo Bank, JP Morgan Chase, Chase Bank
Examples of fake invoices/bank notices/letters/ certificates
It is important to note that without the efforts of IATA customers, we would not know what fraudulent accounts have been opened. If you receive new banking details in any form, please forward them to Information Security, whether or not you recognize them as fraud. This allows IATA to notify the bank and save others from becoming victims of fraud.
Fraudulent letters are issued to obtain payments or information from any IATA stakeholder. These letters are sent from fake IATA email addresses and come as attachments in PDF format.
There is no such prize; in fact, fraudsters request your personal information in order to follow up on the prize, allowing them to misuse your information and identity.
Example of a fraudulent prize certificate:
As in the last example, the prize is fake, and fraudsters request your personal information in order to follow up on the prize, allowing them to misuse your information and identity.
Fraudulent emails may also include a link that takes the user to a spoofed (fake) IATA website. The purpose of spoofing an IATA website is to mislead the user into believing they are logging on to a legitimate IATA website.
Once the login details are captured, the fraudster can then use them to log in as the user and obtain billing information that adds authenticity to subsequent fraudulent emails. In the case of finance systems and billing, you should always manually navigate to the official website, instead of "linking" to it by clicking a link in an unsolicited email.
Report a Possible Fraud
If you receive a suspicious or potentially fraudulent email, please report the relevant information using
the guidance below:
When reporting such messages, it is important to copy and paste the entire email, including the header
information.
Outlook 2013: Open the mail in question and select File > Info > Properties. Your message headers are displayed.
Outlook 2007: Double-click the message so that it opens in its own window. In the Options group, click the dialog box launcher (small square with an arrow).
Please also forward any attachments that you receive from a fraudster. When we receive this information, it allows us to notify banks to close accounts immediately. Your actions can help save other IATA customers from being victims of fraud.
If you believe you are the victim of an email fraud attempt, we recommend that you also contact your local law enforcement authority immediately: Action Fraud in the UK, IC3 in the United States and the Canadian Anti-Fraud Centre. For other jurisdictions, please contact Information Security.
Learn how to protect your company from fraud
All organizations are vulnerable to fraud, especially if elements of the following apply:
1. Belief that fraud doesn't affect your organization. In truth, businesses around the world lose millions each year to fraud. Many organizations aren't even aware that they have fallen victim to fraud.
2. The organization does not have set procedures in place to authorize purchases, pay invoices and review expenditures.
3. Personnel are distracted when they pay invoices, such that fraudulent emails and invoices escape their notice.
4. Personnel do not have time to verify the source of the email requesting payment. To resolve the matter, the invoice is paid out of convenience without further investigation.
5. Personnel recognize the name and logo of IATA from having paid similar invoices in the past. As a result, they might not review transactions or invoice details before making a payment.
6. The organization does not report the fraud because personnel are either embarrassed or ashamed. Law enforcement agencies depend on organizations that have fallen victim to come forward and report fraudulent activity. IATA may be able to assist; please do not hesitate to contact us.
Here are other points IATA suggests you follow to protect your organization from email fraud:
1. Don't judge reliability by look and content. Email messages can come from many sources, and with the help of today's technology a fraudster can make an email and invoices appear to be coming from a reputable source.
2. Implement a policy of checking, and having independent approval of, any changes to existing payee bank account details or the setting up of new ones.
3. Assign a limited number of employees to make purchases. Make sure that employees with financial signing authority understand what responsibilities are tied to signing their names on invoices and purchase orders.
4. Double check the URL of websites and links. Genuine IATA pages use clear URLs like http://www.iata.org/Pages/fraudulent-websites.aspx. Scam sites and links often have long addresses using special characters like =j&q=&esrc=s&source=web&
5. Talk to your staff and colleagues about fraud. Decide how your organization will handle situations involving employees coming forward to report losses.
6. Be wary of collection calls from people claiming to be IATA staff. Due to the availability of worldwide telephone numbers, fraudsters are now purchasing Canadian and other numbers in order to appear to be calling from an IATA office. If you receive such a call, usually followed by an emailed invoice, contact Information Security for verification.
7. Fraudulent messages can look like they're from IATA, but on closer inspection are from a public email account. For example, [email protected] is not a genuine IATA email address.
8. Look for grammar and spelling mistakes. Scam emails are often machine-translated from other languages, resulting in spelling errors.
9. If you receive a fraudulent email, IATA suggests that you block the sender using your email client and delete the email in order to stop further attempts from the same email address.
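Point 4 above and the earlier section on spoofed IATA websites both come down to one question: does the link really lead to the IATA site? The Python script below is an added example (not IATA's own code) that answers it by looking at the host name the browser would actually connect to rather than at the text of the link. The sample links and the sample email body are constructed for illustration and cover the common look-alike tricks; example.net stands in for the fraudster's host.

```python
"""Decide whether a link in an email really points at the IATA website.
Added example, not IATA's own code; the sample links are constructed and
cover the look-alike tricks a fraudster's link can use."""
import re
from typing import List
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "iata.org"
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def link_is_iata(url: str) -> bool:
    """True only if the URL's real host is iata.org or a subdomain of it.

    urlsplit() isolates the host, so 'iata.org' appearing in the userinfo
    part, the path or the query string does not make a link trustworthy.
    """
    try:
        parts = urlsplit(url.strip())
    except ValueError:          # malformed netloc that Python refuses to parse
        return False
    if parts.scheme not in ("http", "https"):
        return False            # mailto:, javascript:, data: are never the IATA site
    host = (parts.hostname or "").lower().rstrip(".")
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


def flag_links(body: str) -> List[str]:
    """Return the links in an email body that do not lead to iata.org."""
    return [url for url in URL_RE.findall(body) if not link_is_iata(url)]


# Constructed samples: expected verdict for each link.
SAMPLES = {
    "http://www.iata.org/Pages/fraudulent-websites.aspx": True,  # the clear URL cited above
    "https://bsplink.iata.org/": True,
    "https://www.iata.org:443/x?q=1": True,                      # port and query do not matter
    "http://iata.org.example.net/login": False,     # iata.org is only a label inside another host
    "http://www.iata.org@example.net/login": False, # 'www.iata.org' is userinfo; host is example.net
    "http://example.net/?url=www.iata.org&esrc=s": False,  # iata.org only in the query string
    "http://iata-org.example.net/": False,
    "http://i\u0430ta.org/": False,                 # Cyrillic 'a' look-alike of iata.org
    "javascript:alert(1)": False,
}

# Constructed email body: one genuine link among two look-alikes.
BODY = """Dear customer, please verify your BSPlink account at
http://www.iata.org@example.net/bsplink or https://bsplink.iata.org/ today.
Your invoice: http://iata.org.example.net/invoice.pdf
"""

if __name__ == "__main__":
    for url, expected in SAMPLES.items():
        print("OK " if link_is_iata(url) == expected else "?? ", url)
    print("flagged:", flag_links(BODY))
```

Length and special characters are only a heuristic: the query string in the example above (=j&q=&esrc=s&source=web&) also appears in ordinary search-engine redirect links, and a fraudster can register a short, clean-looking host. The host name is what decides, and the safest habit remains the one given earlier on this page: type the IATA address yourself instead of clicking.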
Frequently asked questions
What addresses does IATA use to send emails?
IATA uses many addresses to send emails to its customers. All IATA emails end in @iata.org; subdomains such as @info.iata.org, @updates.iata.org and @bsplink.iata.org are also used for different purposes. Please be aware that fraudsters use phishing methods to make an email address appear to end in @iata.org, but the address you are asked to reply to will be different. If you are unsure whether an email from IATA is genuine or not, please do not hesitate to contact Information Security at [email protected].
o Do not panic. Often these fraudsters will use threatening language in order to get you to pay into their account as soon as possible. They may even call your office and pose as an IATA employee. First check with Information Security to see whether the suspicious email/call you received is valid or not.
o You can pass our fraud warning to your company's internal communications team to circulate, and also let your colleagues know the tactics that are being used by fraudsters. The more people that are made aware of fraudulent attacks, the less susceptible they are to them.
Please visit IATA's website for more information about the most used fraudulent emails, phishing attacks and tactics used by fraudsters.
Fraudsters have been known to use the names of real IATA employees in order to make their fraudulent email appear legitimate. Please forward all suspicious emails to [email protected]
General Security Guidelines
Avoid using the same password for multiple accounts (your personal email, work email, online forums etc.). If one account is compromised, then your work email could be as well.
Do not open attachments from unknown sources and do not run programs that are attached to emails that are unknown to you. These may contain malware that gives fraudsters access to your computer and your email.
Do not play games (especially online games) on your work computer. Online games are frequently attacked by hackers and cheaters who can gain access to your computer through security loopholes in the game.
If you do not need Java or Flash, disable them in your browser. Ask your IT support group if you are unsure.
Ensure that your anti-virus is up to date and that your firewall is active. This helps protect you from viruses or malware such as key loggers that try to obtain your password data.
If you connect to an open/public Wi-Fi network, attackers can easily intercept/sniff your network traffic, meaning that they could see whenever you attempt to log in to your email or make an online payment and capture your credentials. Therefore, IATA suggests you be very cautious whenever you connect to a network that is open to everyone.
Close the browser after logging out. You not only need to log out of your email when you are done, but you also need to make sure to close the browser window completely; leaving it open compromises your email security.
Use a spam filter on email servers, and teach your users how to identify junk mail even if it appears to come from a trusted source.