GENEVA — IATA has sent out a warning to travel agents to be on the lookout for scam emails from fraudsters impersonating IATA staff or misusing the IATA logo and name.
IATA has updated its ‘Fraudulent Emails Warning’ PDF with new examples of the different techniques used by fraudsters and suggestions to better protect your organization from fraud. The PDF can be downloaded at iata.org/Documents/Fraud-Prevention/Fraudulent-emails-warning.pdf.
Fraudsters contact users of IATA products and services by email or telephone, under false names (sometimes misusing IATA employee names) seeking payment for products or services and/or claiming payments for outstanding amounts due.
Fraudsters use email addresses similar to an IATA email address but using different domain names such as @gmail.com or @iattafinance.org. Email accounts are often masked so that emails appear to have been sent from a genuine IATA address with the @iata.org domain name, while their reply-to domain name is different, e.g. email@example.com replies to firstname.lastname@example.org.
Forged documents sometimes display the IATA logo or include links to a fake website.
Examples of fraudulent emails:
Examples of fraudulent invoices with false banking information:
Examples of fraudulent letters:
Example of a fraudulent prize certificate:
Users of IATA products and services should always be wary of requests to update bank account information, says IATA. “If you doubt the authenticity of communications purporting to be from IATA, whether those communications request payment or not, please do not respond and notify IATA immediately at email@example.com.”
IATA says it’s also seeing a rise in the number of fraudsters calling travel agents on the phone and impersonating IATA staff. “This attempt at fraud is increasing. Although telephone numbers may seem correct based on location, please remember that with Internet phones, the fraudster can call from anywhere.”
IATA has a few tips for travel agencies looking to protect themselves from fraud:
- Don’t judge reliability by look and content. Email messages can come from many sources and with the help of today’s technology a fraudster can make an email and invoices appear to be coming from a reputable source.
- Be wary of requests to ‘update’ bank account information or to pay overdue invoices as you may be providing criminals with the information they need to gain access to others in your organization or to defraud third parties.
- Implement a policy of checking, and having independent approval of, any changes to existing, or setting up any new, payee bank account details.
- Be wary of collection calls from ‘IATA’ staff. “Due to the availability of worldwide telephone numbers, fraudsters are now purchasing Canadian and other numbers in order to appear to be calling from an IATA office. If you receive such a call, usually followed by an emailed invoice, contact information security for verification.”
- If you receive a fraudulent email, IATA suggests that you block the sender using your email client and delete the email in order to stop further attempts from the same email address.
For more details see iata.org/Documents/Fraud-Prevention/Fraudulent-emails-warning.pdf.