Kaspersky researchers have uncovered a surge in scam emails where attackers impersonate major airlines and airports, including Emirates Airlines, Qatar Airways, Etihad Airways Amsterdam Schiphol, Lufthansa, and others, to trick businesses into engaging in fraudulent supplier and partnership communication. The goal of this scheme is to steal funds from the targeted organizations.

Since the beginning of September, Kaspersky solutions have detected and blocked thousands of scam emails of this type globally, and the volume of this type of fraud has increased compared to the previous months.

Example of a scam email sent by the attackers 

These fraudulent emails typically claim to come from the procurement departments of leading airlines, announcing new projects and looking for suppliers or contractors. Once the recipient responds, attackers send a series of fake documents, such as supplier registration forms and non-disclosure agreements, to appear credible. Targeted organizations are also asked to pay the “Mandatory Refundable Expression of Interest Deposit” of several thousand USD, indicating that its purpose is “to secure a priority slot in the partnership timeline” and that it will be refunded once the “partnership” is established.

“Scammers are actively mimicking legitimate business communications. By impersonating world-famous airlines, they exploit both the brand trust and the business aspirations of their targets. Since the documents shared in these schemes are not malicious, but simply forged, they can easily bypass basic security checks and seem believable to the untrained eye,” said Anna Lazaricheva, Senior Spam Analyst at Kaspersky.

In view of these attacks, Kaspersky recommends organizations to: 

• Verify the sender: Always check the domain name and contact details. If in doubt, reach out to the company directly through official channels.
• Be wary of deposits: Legitimate corporations do not ask for upfront payments to register as a supplier.
• Scrutinize documents: Look for inconsistencies in logos, language, and formatting. Subtle errors can be signs of forgery.
• Educate employees: Train procurement and finance teams to recognize common scam tactics. Solutions like Kaspersky Automated Security Awareness Platform offer online training that builds cybersecurity awareness.
• Use advanced security solutions: Deploy email security tools, such as Kaspersky Secure Mail Gateway that detect suspicious patterns and block fraudulent emails before they reach inboxes.

For enterprises that often have their names exploited by cybercriminals, brand monitoring provides early detection and takedown of phishing sites, fake profiles, and malicious apps.