IATA members ‘attacked’ in email scam

Aviation body warns its stakeholders to be vigilant after a largescale phishing attack on its members last month
File image.
File image.

The International Air Transport Association (IATA) has warned stakeholders to be cautious after fraudulent emails impersonating the organisation were circulated last month.

IATA reiterated that it does not communicate via Hotmail, Gmail or AOL domains, which were among a number of senders it warns are fraudulent.

The full list includes @gmx.com, @yahoo.com, @hotmail.com, @iname.com, @accountant.com, @gmail.com, @mail.com, @aol.com, @live.com, @usa.com, or @outlook.com.

The trade association for the world’s airlines called on all stakeholders to remain vigilant against fraud and report any communications from emails that appear disingenuous.

A number of websites and companies have also been found displaying the IATA logo or making reference to the organisation as an affiliate without authorisation.

IATA said in a statement that companies such as CruiseBuilder, Fajri Pratama Logistics and VIP Dac USA “have no affiliation” to the trade association and “are not accredited or otherwise endorsed” by IATA.

Other companies listed include Global Alterius Logistics Ltd., Gateway VIP Services and First Priority Logistics Service.

“Unfortunately there is no 100% bulletproof solution,” an IATA spokesperson told Airlines.

“However, the risks of becoming a fraud victim can be reduced significantly by utilising an email authentication protocol called ‘DMARC’ (Domain-based Message Authentication, Reporting & Conformance), which was implemented in IATA’s email systems in 2017. 

“Any email that is compliant with DMARC will be blocked. This technology will help in preventing spam, spoofing and phishing.”

Most Popular