Handling and Reporting Fraudulent e-Mails
There have been attempts to obtain payments from users of IATA products and services through fraudulent e-mail messages. On this page you will find resources to help you detect such fraud and report it to us.
Tactics used by fraudsters
- IATA customers are contacted under a false name, sometimes similar or identical to the names of IATA officials, seeking payment for products or services and/or claiming payments for outstanding amounts due.
- The fraudster uses an e-mail address resembling IATA e-mail addresses but using different host servers such as “gmail”.
- The name of the e-mail sender is masked, which makes it appear as if it was sent from a valid IATA address.
- The fraudster e-mails forged or or scanned documents bearing the official IATA logo or forged signatures, although generally the logo is of poor quality.
How to identify an official IATA e-mail
- All official IATA e-mails use the "@iata.org" domain.
- Every outgoing e-mail from "@iata.org" has a digital signature with a certificate issued by GlobalSign, a trusted digital certificate authority.
- This digital signature allows you to verify the authenticity of the e-mail and that it is from IATA.
See how to verify the digital signature (pdf)
- An authentic IATA invoice or an IATA payment reminder will never request settlement payment into a non-IATA bank account.
- IATA will never ask you to respond to an email address other than “@iata.org”.
What you can do to protect your organization
If your IT infrastructure does not support e-mail digital certificates
- IATA can deactivate the digital signature for all IATA e-mails to your company, in case your IT infrastructure does not support e-mail digital signatures.
- To have the digital signature deactivated for your company, please complete this exception request (pdf) and send it to firstname.lastname@example.org
- You need to be aware that IATA cannot accept liability for any damage or loss incurred by your company as the result of acting on a fraudulent e-mail.
To report fraudulent emails, or if you have any questions relating to fraudulent emails, please contact us at email@example.com.
For all other fraud-related matters, please contact us using our customer service portal.