Van Horn Aviation | Composite Rotor Blades
Van Horn Aviation | Composite Rotor Blades

Beware of Invoice Fraud

Van Horn Aviation has been the target of several cases of invoice fraud over the past few years, a few of which have impacted our customers. Thankfully, as far as we know, all have been caught and identified as fraud before funds changed hands, but we want to alert our customers of these scams so you can be on the lookout for your own business and when you do business with VHA.


The Fraud

We’ve caught criminals hijacking VHA invoices in a few different ways hoping to trick customers into paying what they think are valid VHA invoices:

  • Criminals hacked into VHA email accounts and waited for an actual invoice sent by VHA to a customer, then hijacked the interaction between VHA and the customer by posing as VHA. In one instance they spoofed the VHA email address (which you can spot if you look at the header and the actual “from” address does not contain vanhornaviation.com). In another instance, the criminal registered a domain name close to vanhornaviation.com, and set up email addresses based on VHA employee names to hijack the interaction.
  • Criminals hacked into a customer’s email account and hijacked the transaction. In this case, the criminal became increasingly belligerent toward the customer, demanding payment on the invoice in a rough and crude manner. After about two weeks of this email interaction, the customer picked up the phone and called VHA, which is how both we and the customer determined a criminal was involved.
  • Criminals have sent “outstanding invoice” emails to a few distributors using fake VHA signatures with employee names and positions that don’t exist. One email asked for acknowledgement so “we can inform you of current bank details for payment.” That email was forwarded to the distributor’s accounting department, which emailed VHA directly for more information on the outstanding invoice. Another email used an internal audit and the Covid crisis as basis for changing payment details. That distributor saw that the reply email address was a Gmail address and immediately brought it to our attention.

In all of the above cases, personal interaction prevented the criminal from succeeding, but not before inflicting a lot of wasted time and frustration on the victimized party.


What We’ve Done to Prevent Invoicing Fraud

Since becoming aware of these increasing attacks, we’ve done the following to protect both VHA and our customers:

  • We’ve increased the internal security on our servers and network to prevent hackers from gaining access to company computers and emails.
  • We removed our employees’ email addresses from our website to prevent criminals from spoofing email addresses of our people that our customers would recognize.
  • We do not send invoices by regular email as of October 2018. We use a secure email method, fax, or mail. No banking information is sent via email.

How Do You Know It’s Really VHA?

Here are a few things that you as a customer can do if you’re unsure about an invoice that you’ve received from VHA:

  • Give us a call. Our phone number is 1-480-483-4202. That’s the phone number that should be on the invoice. If it’s different, the invoice may be fraudulent. But give us a call just to be sure.
  • Check the “From” email address. Since we’re no longer sending invoices by regular email, if you receive an invoice by this method without prior coordination from VHA, it’s definitely fraudulent. 
  • You can also check the header to make sure the sender’s email address ends in vanhornaviation.com.  If it ends in anything else, it’s fraudulent.
  • Even if the “From” email ends in vanhornaviation.com, be sure that’s the actual reply-to address. If a “From” email address is spoofed, the reply-to email address is usually coded as something different. If you reply to an email and the reply address doesn’t match vanhornaviation.com, call us instead.
  • Check the “Our People” page to see if the name and position being used is a real person who works at VHA. This isn’t a guarantee that the email is legitimate, but it’s a definite flag if the signature is from a name and position not listed on that page.
  • We don’t use bullying tactics to pressure you into paying an invoice. If you start seeing email messages that threaten or bully you, it’s a sure sign that it’s not us, but a criminal desperate to get your cash.

A Final Fraud Case to Be Aware Of

This case didn’t impact any customers, but it’s common enough to be on the lookout.

A foreign criminal poses as a customer ordering product (in our case, a set of UH-1 tail rotor blades), “accidentally” overpays the invoice amount with a phantom international bank transfer (that looks like the funds have transferred but actually have not because it can take up to five days for international funds to transfer), and then asks the company to refund the difference. If the fraudulent transaction is not caught, the criminal gets the refunded cash, but the company doesn’t get paid because the initial transaction is withdrawn before funds are transferred. Our bank actually caught this one, so thankfully no funds or product were transferred to the criminal, and of course the accounts the criminal used to create the phantom transfer were untraceable. The case was directed to the FBI by our bank, which is compiling thousands of these cases.

SHARE THIS POST:

By Kim VHA April 25, 2025
For 206L LongRanger operators flying P/N 20633000-101 serial numbers A007-A009 or A012-A104, we would like to remind you that these blades are subject to AD 2022-22-08, which requires recurring tap inspections every 400 flight hours or 2,400 engine starts, whichever comes first. You can learn more about the tap test requirements and procedure in our video . These blades are likely to develop a delamination in the area of the weight pocket on the lower surface of the blade. The AD further requires removing the blades from service if the delamination reaches 6 inches in length. However, extensive company testing indicates that all blades will likely achieve their full retirement life before that occurs. So long as the delamination is monitored and does not exceed the permitted length, the blades are entirely safe to fly with no adverse effects on aircraft behavior or performance. Operators are required to report their findings at every inspection interval to VHA for tracking using the form on the last page of Service Bulletin 33000-4 . Completed forms should be emailed to info@vanhornaviation.com . Providing this data helps to ensure all operators of these blades remain safe. All of the identified blades are likely to have delaminations, so if none are detected please contact us for assistance. In addition, this AD is considered an interim action and once sufficient data is gathered it may be updated to reduce the required frequency of inspection. Refer to AD 2022-22-08 and SB 33000-4 for further information.
Photo of AS350 tech brief being presented at Verticon 2025
By Kim VHA April 16, 2025
AS350 Tail and Manufacturer Tech Briefs Given at Verticon 2025 Posted Here
By Kim VHA March 6, 2025
Eurosafety Pilot Kevin Nelson