Further to our bulletin of the 10th January warning of fraudulent emails which attempt to collect funds from users of IATA products and services, it has come to our attention that these emails are continuing to circulate.
As part of an awareness campaign IATA have created a document entitled "Warning - Fraudulent Emails" which contains commonly used email fraud techniques, IATA's communication practices and what you can do to better protect your organisation.
Key points include:
1. The fraudsters contact users under false names, sometimes using similar or identical names as those of IATA officials, seeking payment for products or services and/or claiming payments for outstanding amounts due.
2. The fraudsters use an email address resembling IATA email addresses but using different host servers such as "gmail", "iata-finance.org" etc.
3. The fraudsters may also use forged documents bearing the IATA logo or include links in the email to a spoofed (fake) website.
4. IATA communications will always come from an "iata.org" email address accompanied by a digital signature from the authorized responsible IATA employee.
5. Ensure that your systems allow you to read emails with digital signatures.
6. An authentic IATA invoice will never request payment into a non-IATA bank account.
7. Always be wary of requests to update or provide bank account information.
8. Whenever in doubt as to the authenticity of communications purporting to be from IATA requesting payment, please do not respond to the email and kindly notify IATA immediately at information.security@iata.org with a copy to atcinfo@iata.org & atsnetwork@iata.org (the authorised contact points for all ATC & ATS authorisation related questions).
Please take a moment to review this information and distribute to your staff particularly those responsible for settling invoices.
Thank you and regards
