Need Help?

All organizations are vulnerable to online fraud. While IATA uses a sophisticated strategy and tools to prevent fraud attacks, fraud actors still find ways to bypass these efforts.

To help mitigate fraudulent activities, it is important that IATA stakeholders understand how to identify fraud so it can be reported to IATA's fraud prevention team. Below you will find examples of online fraud and guidance on how to report it.

Do not respond to messages originating from these domains, delete them and report any further activities to fraud.reporting@iata.org

Last update: 26 September 2023 

 

Need Help?

Latest fraud activity

This is a list of the most common fraudulent emails received by IATA. The list is not exhaustive and may change without warning. If you are unsure whether an email you received is a genuine email sent by IATA, please contact us at fraud.reporting@iata.org .

We appreciate all reports, including emails that are already on this list.

Please note that IATA never communicates via public email domains: @gmail.com, @outlook.com, @hotmail.com, @yahoo.com, @icloud.com, @aol.com, @protonmail.com, @gmx.com, @mail.com, @usa.com, @yandex.com, @mail.ru,  @qq.com, @163.com, @126.com, @sina.com, etc. You should assume that all emails sent from these domains which claim to be from IATA are fraudulent.

 

Warning!

IATA will never ask you to change bank account details by email. If you receive an email claiming to be from IATA that asks you to make payments to a new bank account, please contact us at fraud.reporting@iata.org .

IATA will never send you software by email. If you receive an email claiming to be from IATA that asks you to install software attached to the email such as an update for NDC, CRS, BSPLink, IATA ONE ID, or similar, please contact us at fraud.reporting@iata.org .

Fraudulent domain Fraudulent email accounts
newcasslink2-iata.org  
iata-freight.org  
newcasslink2.org agencymanagement@newcasslink2.org
ebroadcast-iata.org finance@ebroadcast-iata.org
iatacasslink-mailserver.com accounts@iatacasslink-mailserver.com
iata-casslinkportal.org agencymanagement@iata-casslinkportal.org
notification1@iata-casslinkportal.org
iata-casslink2.org agencymanagement.fr1@iata-casslink2.org
iata-invoicing.com invoicing@iata-invoicing.com
iatacollections.com invoicing@iatacollections.com
groupmail.com IATA.account@groupmail.com
gmail.com iatadept24@gmail.com
iata81908@gmail.com
exectveoffcer@gmail.com
outlook.com acount2023@outlook.be
agency-management@outlook.com
bill.invoice1@outlook.com
bill.invoice2@outlook.com
bill.invoice22000@outlook.com
iataagencymanagement@outlook.com
iataonline.org remittance.dept@iataonline.org
updates-iata.org finance@updates-iata.org
iata-casslink1.org agencymanagement@iata-casslink1.org
iatacasslink-mailserver.com accounts@iatacasslink-mailserver.com
iata-cass-link.org account@iata-cass-link.org
iata-casslinkportal.org  
iata-cass.org accounts.team@iata-cass.org
iata-casslinks.org account@iata-casslinks.org
accounts@iata-casslinks.org
onice.io finance@myiata.onice.io
bps-iata.org agencymanagement@bps-iata.org
bsp-iata.org invoices@bsp-iata.org
iata-freight.org  
iata--cass.org  
sis-iata.org finance@sis-iata.org
paysys-iata.org financ@paysys-iata.org
iata-cargoagents.org agency_management1@iata-cargoagents.org
ar-iata.org agencymanagement@ar-iata.org
Lata-casslink.org agencymanagement1@lata-casslink.org
billing.support@lata-casslink.org
laura.bellorio@lata-casslink.org
bsplink-iata.org invoices@bsplink-iata.org
iatacargo.org admin@iatacargo.org
iatacargo@iatacargo.org 
iata.cargo@iatacargo.org
Iata-cass@iatacargo.org
iata-cass@iatacargo.org
iatacargo.com iatacass@iatacargo.com
iata.cass@iatacargo.com
pay-iata.org finance@pay-iata.org
casslink-Lata.org billing.support@casslink-lata.org
agencymanagement1@casslink-lata.org

casslink-iata.online agency.management@casslink-iata.online
iataus.com accountingdept@iataus.com
billingdept@iataus.com
ch-iata.org agencymanagement@ch-iata.org
iata-cargo.org pa.terrorde@iata-cargo.org
ich-iata.org agencymanagement@ich-iata.org
iata.finance pa.terrorde@iata.finance
ae.org pa.terrorde@iata.ae.org
iatahq.org invoices@iatahq.org
iatapartners.org iata@iatapartners.org
agencymanagement@iatapartners.org
iatabsp.org invoices@iatabsp.org
ice-cass.org agencymanagement@ice-cass.org
collector.org iata.casagent@collector.org
agencymanage.iata@collector.org
cns-cass.org iata@cns-cass.org
cass-cns.org iata@cass-cns.org
cassnmanangements.org iata@cassnmanangements.org
cassnmanangement.org iata@cassnmanangement.org
casmanagement.org iata@casmanagement.org
cassmanagement.org iata@cassmanagement.org
cassmanagements.org iata@cassmanagements.org
cnssmanagement.org agency@cnssmanagement.org
cnsmanagements.org agency@cnsmanagements.org
iatamanagement.org agency@iatamanagement.org
payment@iatamanagement.org
iatacass.org accountant@iatacass.org
cass-billing.org iata@cass-billing.org
cass-iata.org agencymanagement@cass-iata.org
cass-portal.org iata@cass-portal.org
casslink-iata.org billing@casslink-iata.org
payment@casslink-iata.org
cassllink-iata.org billing@cassllink-iata.org
iatagr.org mamalakisg@iatagr.org
iataaccountingdepartment.org iatarepdep@iataaccountingdepartment.org
familyhomecaretn.info infos@familyhomecaretn.info
officesystememail.info office@officesystememail.info
cgce.com.sg accounts@cgce.com.sg
hbsc.com.sg sandar@hbsc.com.sg
execsupportss.com it@execsupportss.com
departrnent.com iata-accounting@departrnent.com
account.com

IATA.INFO@account.com

accountant.com

invoicemanagement@accountant.com
iatamanagement.agency@accountant.com

iata.managementgency@accountant.com
iata-casagency@accountant.com
accounting.department.paymen2023@accountant.com
accounting.departmen.payment2023@accountant.com

accounting.department.payment@accountant.com
accounting.department.payment.org1@accountant.com

accounting.department2022@accountant.com
accounting_department2023@accountant.com
accounting.department223@accountant.com

accounting_department@accountant.com
accountingdepartment.iata@accountant.com
accounts_department@accountant.com
account.payable@accountant.com
accounts-payable@accountant.com
accounts.payables@accountant.com
accounts-payables@accountant.com
acc-payables@accountant.com
agency.iata@accountant.com
agency.management@accountant.com
agency_management@accountant.com
agencymanagement2022@accountant.com
agency-managementt@accountant.com
agencymanagementt@accountant.com
airlines_iata@accountant.com
airlines-iata.org@accountant.com
billing@accountant.com
iata@accountant.com
iata_2021@accountant.com
iataagent.dr@accountant.com
Iata.airlines@accountant.com
iata.agency@accountant.com
iata.agencymanagement@accountant.com
IATA.ACCCOUNTING.DEPARTMENT.ORG@accountant.com
IATA.agency-management@accountant.com
IATA.agency-managements@accountant.com
IATA.agency-managementz@accountant.com
iata-cass@accountant.com
iata.cassaccountant@accountant.com
iata.cassagency@accountant.com
iata.cassinfo@accountant.com
IATA_Customer_Service@accountant.com
iata.infoservice@accountant.com
iata.invoiceinfo@accountant.com
IATA.IATA.ORG@accountant.com
iatamanagements.org@accountant.com
iata.managementgency1@accountant.com
iata.org2009@accountant.com
iata.org2023@accountant.com
iata.org202@accountant.com

iata_org@accountant.com

iata-casslink.org account@iata-casslink.org
payment@iata-casslink.org
cass-portal.com payment@cass-portal.com
casslinks-iata.org payments@casslinks-iata.org
airlines-iata.org account@airlines-iata.org
accounts@airlines-iata.org
emailteamsupport.info office@emailteamsupport.info
siteprotect.com iata@siteprotect.com
inv-iata.org accountant@inv-iata.org
bevaj.com iata@bevaj.com
hbsc.com.sg sandar@hbsc.com.sg
iataairlines.org accounts@iataairlines.org
iata-dues.org payments@iata-dues.org
iata-paymen.com invoice@iata-paymen.com
iata-office.org payments@iata-office.org
airport-iata.org account@airport-iata.org
citronmail.hu agency.management@citronmail.hu
iata.accounts.payables@citronmail.hu
llata.org
agencymanagement@LLata.org
europe.com agent1@europe.com
iata@europe.com
IATA.IATA2022@europe.com
iata.managementagency@europe.com
mail.com accountingdepartment.iata@mail.com
aero-gulfaviationservices.com career@aero-gulfaviationservices.com
vccusa.org office@vccusa.org
iata-a.org
ferratec@iata-a.org
iata-dept.com debt-office@iata-dept.com
iatadepts.com
account@iatadepts.com
accounting-iata.com account@accounting-iata.com
tvhistp.com doyajoma@tvhistp.com
i-iata.org account​@i-iata.org
methdesig.net abqotxqhvvdg@methdesig.net
lpkibqtzrcl@methdesig.net
hostipus.com oszrmltklrlq@hostipus.com
onmicrosoft.com
psf@xvth.onmicrosoft.com
agents-iata.org customer.portal@agents-iata.org
Payments@agents-iata.org
bergstrominc.com Iortiz@bergstrominc.com
cnscc.us cnsaccounting@cnscc.us
eurotour.tur.ar correo@eurotour.tur.ar
graphic-designer.com
Tianaarea17@graphic-designer.com
iata.org.uk noreply@iata.org.uk
iata-finance.org ​finance@iata-finance.org
creditmanager@iata-finance.org
​iata-org.co @iata-org.co​
​iata.email lata@lata.email
iataa.org info@iataa.org
invoice@iataa.org
​iato.org ​​​noreply@iato.org
iota.org noreply@iota.org
​​iiata.org ​​account@iiata.org
ilata.org account@ilata.org
iname.com info.iccs@iname.com
inbox.lv iata-1@inbox.lv
animals22@inbox.lv
​​invoice-iata.org ​accounts@invoice-iata.org
info.csame@invoice-iata.org
​​nepia.com ​tony.allen@nepia.com
​​netathome.co.ke ​​dalex@netathome.co.ke
presidency.com hans-logisticss.com@presidency.com
receipts-iata.org payments@receipts-iata.org
voicemessages.us broker@voicemessages.us
flytrs.com info@flytrs.com
bredband.net gerhard.sager@bredband.net
facetohen.ml admin@facetohen.ml

The websites/companies listed below display the IATA logo or make reference to IATA without authorization. These websites/companies are not accredited, affiliated, or otherwise endorsed by IATA. 

  • Fajri Pratama Logistics - fajripratamalogistics.com
  • VIP Dac USA - vipdacusa.com
  • Leca Logistics BV - lecalogisticsbv.com
  • Transway-Animals - transway-animals.net
  • Vikuhelp - vikuhelp.com/travel
  • Flytrs - flytrs.com
  • iata.org.xy2401.com
  • jieranqiche.com/iata

 

Fake travel agent websites

Fraudulent online travel and flight booking agencies operate internationally. These websites can appear highly professional and some may display IATA’s accredited agency logo to appear legitimate. Because this is a growing concern, IATA suggests using only verified agencies.

Verifying the legitimacy of an IATA accredited agency

IATA accredited agencies have a unique IATA ID code, which is the best way to verify the legitimacy of a travel agency. Agencies must provide their IATA ID code upon request. IATA ID codes can be verified on our website Check A Code, or by contacting IATA Contact & Support. If you have any doubts regarding the legitimacy of an IATA accredited agency please contact us at fraud.reporting@iata.org.

Fake statements from member airlines and strategic partners

Fraudsters often feature false statements on their websites claiming to be IATA accredited, protected or bonded, or claim that they hold membership with IATA. Be aware that when a travel, cargo, or service agency references IATA on their home page, it does not necessarily mean that they are IATA accredited.

To verify the validity of IATA's member airlines and strategic partners we recommend the following:

Recognizing Fraud

Email is one of the most frequent fraud techniques. Fraudsters posing as IATA often target travel organizations and other industry stakeholders with the intention of extorting money. Read more about fraudulent email techniques with the IATA Fraudulent emails warning (pdf)

Types of email fraud:

  • Phishing: emails claiming to be from legitimate organizations asking individuals to take a risky action such as transferring money to a new bank account, or reveal confidential information such as passwords and bank details. 
  • Spoofing: email addresses disguised as IATA domains with a different reply-to address.
  • Malware: emails requesting to install software attached to the email, such as an update for BSPLink, IATA ONE ID, or similar.
  • Puppy scams: IATA does not sell or transport animals. Emails purporting to originate from IATA which offer to sell or deliver puppies or other live animals are fraudulent.
  • Luggage scams: IATA does not charge any fees related to returning lost or missing luggage.

Recognizing fraud

  • IATA will never ask you to change bank account details by email.
  • IATA will never send you software to install by email.
  • IATA never communicates through public email domains: yahoo.com, gmail.com, etc.
  • IATA will never ask you to share confidential information via email, such information should only be shared through the Customer Portal
  • Verify our list of current and recurrent email domains used by fraudsters located on the Fraud Activity tab.

Reporting fraud (with reference to IATA)

  • If you receive an email from a fraudulent address, forward it as an attachment to fraud.reporting@iata.org and then delete it

IATA’s genuine email domain addresses

IATA uses several domains when communicating by e-mail. Below is the list of official domains used by IATA

  • iata.org, iatan.org, iata.force.com, cnsc.net

For example:

  • updates.iata.org
  • consulting.iata.org
  • surveys.iata.org
  • ebroadcast.iata.org
  • external.iata.org
  • indp.iata.org
  • iata-pay.iata.org
  • cargo-download.iata.org
  • training.iata.org

For example:

  • updates.cnsc.net

What addresses does IATA use to send emails?

IATA uses many addresses to send emails to its customers. IATA emails typically end in ‘@iata.org.’ Subdomains like ‘@info.iata.org’, ‘@updates.iata.org’ and ‘@bsplink.iata.org’ are also used for different purposes. Please be aware that fraudsters use spoofing methods to make an email address appear to end in “@iata.org”, but the reply-to address will be different. If you are unsure whether an email from IATA is genuine please contact fraud.reporting@iata.org .

I just realized I have paid a fraudulent invoice, what do I do?

  • We advise you to contact your bank and notify them to cancel or recall the payment.
  • We advise you to contact the destination bank and notify them to stop or cancel the payment and freeze the fraudulent account.
  • We advise you to inform your local law enforcement authorities and raise a complaint at their office or via their website.
  • You can report the fraud to our partner Cybera.io who may be able to help recover the funds.

What can I do to protect myself?

Immediately contact Fraud Reporting when you receive emails/invoices that appear suspicious or fraudulent.

  •  Only communicate sensitive information with IATA through official channels such as our Customer Portal www.iata.org/cs .
  • Fraudsters often use threatening or urgent language in order to get you to pay into their account as soon as possible. They may even call your office and pose as an IATA employee. First check with the Fraud Reporting team to see whether the suspicious email/call you received is valid or not.
  • Distribute the information about fraud tactics around your office
  • You can give our fraud warning to your company’s internal communication to circulate and also let your colleagues know the tactics that are being used by fraudsters. The more people that are made aware of fraudulent attacks, the less susceptible they are to fraudulent attacks
  • Pass information regarding fraud prevention to new employees
  • New employees can easily fall victim to fraudulent attacks because most are unaware of how to identify and deal with them. If you are leaving your current position in your organization, we advise that you pass any information you have to the new employee if possible. If circumstances do not permit, please advise your HR department to inform your replacement about the fraudulent emails and invoices

I received a suspicious email, but it is from an IATA employee, what do I do?

Fraudsters have been known to use the names of real IATA employees in order to make their fraudulent email appear legitimate. Please forward all suspicious emails to fraud.reporting@iata.org

What security measures does IATA have in place to prevent fraud and what do we recommend others implement?

Domain spoofing is the trick of forging an email header so that the message seems to originate from someone or somewhere different from the actual source.

 

DMARC, which stands for Domain-based Message Authentication, Reporting, and Conformance is an email protocol, designed to protect a company's email domain from being used for email spoofing and phishing scams.

IATA has implemented both email authentication components of DMAC: "Sender Policy Framework" (SPF) and "Domain Key Identified Mail" (DKIM).

This allows, email receivers to check if incoming messages have valid SPF and DKIM records and if these align with the sending domain. After these checks a message can be considered as DMARC compliant or DMARC failed.In case of DMARC failure, IATA had defined that the email delivery should be rejected.

For further information about DMARC, please visit https://dmarc.org/.