Just like the rest of society, the transportation industry is not immune to scammers trying to help themselves to some unearned cash. And in the days of e-commerce, it’s getting even easier.
Recently, our attention was brought to some scammers fraudulently representing themselves as the International Air Transport Association (IATA). These fraudsters have concocted an e-mail scolding the recipients for not paying for their “Annual Review of Codes,” and threatening that if the deadline for payment is missed, recipients will lose their “assigned IATA airline codes.” They then instruct recipients to obtain a repeat copy of the invoice (which, of course, the targets never received in the first place) from an e-mail address that looks similar, but not quite identical, to the official IATA one.
Of course, if you do not actually run an airline, you may quickly recognize that something is wrong. But the scammers obviously hope that such official-looking invoices may fool some recipients into paying first, and asking questions afterwards.
Here’s what the current scam text looks like. Note, of course, that scammers will frequently change the wording slightly to avoid being pegged as spam.
“Dear IATA Code Holder,
Your company have exceeded the deadline for the Annual Review of Codes. As of this time we still have not received payment for your 2013 Annual Review fees. Please be advised that failure to pay the invoice for your 2013 Annual Review fees which has already exceeded the deadline date will result in the recall of your assigned IATA airline codes.
Should you require an electronic copy of this invoice please advise, and one will be sent to you by e-mail.
If you have made payment already, please provide the full banking details so that we may follow this up with our finance department and locate the payment. Please note any payment recently made, may not have had a chance to be reflected in our accounts.
Please be sure to quote your airline name, and assigned codes. This way it will be clear to us which airline we are dealing with when we receive your e-mail.
Thank You and Best Regards,
Tel + 514 874 020
Fax + 514 390 677
International Air Transport Association
800, Place Victoria, P.O. Box 113
Montreal, Quebec, Canada, H4Z 1M1″
Here are some of the tipoffs of a scam in this e-mail:
- The e-mail is not addressed to a specific individual, department or even a company, despite its attempt to pass itself off as a response to a specific transaction.
- The e-mail requests that the recipients identify themselves in the return e-mail, along with “full banking details”. No invoice number is provided; instead, the target is told to ask for another copy.
- Minor grammatical errors, such as “your company have”, and unorthodox capitalization of words are a common sign of a scam.
- Both the telephone number and fax number are missing their last digit. This reduces the likelihood that the recipient will try to obtain clarification from the real IATA by telephone – this would give the scam away immediately!
- Most telling of all is the e-mail address and signature. In the e-mail that came to our attention, the name of a real IATA employee was used. However, the e-mail address and digital signature are not those of IATA.
IATA’s own security page, http://www.iata.org/pages/fraudulent-email.aspx, provides a series of tips to identify fraudulent e-communication. They include:
- All official IATA e-mails use the “@iata.org” domain.
- Every outgoing e-mail from “@iata.org” has a digital signature with a certificate issued by GlobalSign, a trusted digital certificate authority. This digital signature allows you to verify the authenticity of the e-mail and that it is from IATA.
- An authentic IATA invoice or an IATA payment reminder will never request settlement payment into a non-IATA bank account.
- IATA will never ask you to respond to an email address other than “@iata.org”.
Not checking for fraud can be costly. One reporter who followed up by contacting the scammers (see http://www.tnooz.com/2013/05/13/news/exposed-how-online-fraudsters-dive-deep-into-iata-processes-to-secure-payments/), was sent a fake invoice totalling over $10,000!
If you do receive one of these fraudulent e-mails, report it to IATA at firstname.lastname@example.org.