Beware of Invoice Fraud

Van Horn Aviation has been the target of several cases of invoice fraud over the past few years, a few of which have impacted our customers. Thankfully, as far as we know, all have been caught and identified as fraud before funds changed hands, but we want to alert our customers to these scams so you can be on the lookout, both in your own business and when you do business with VHA.

The Fraud

We’ve caught criminals hijacking VHA invoices in a few different ways, hoping to trick customers into paying what they think are valid VHA invoices:

  • Criminals hacked into VHA email accounts and waited for an actual invoice sent by VHA to a customer, then hijacked the interaction between VHA and the customer by posing as VHA. In one instance they spoofed the VHA email address (which you can spot if you look at the header and the actual “from” address does not contain In another instance, the criminal registered a domain name close to, and set up email addresses based on VHA employee names to hijack the interaction.
  • Criminals hacked into a customer’s email account and hijacked the transaction. In this case, the criminal became increasingly belligerent toward the customer, demanding payment on the invoice in a rough and crude manner. After about two weeks of this email interaction, the customer picked up the phone and called VHA, which is how both we and the customer determined a criminal was involved.
  • Criminals have sent “outstanding invoice” emails to a few distributors using fake VHA signatures with employee names and positions that don’t exist. One email asked for acknowledgement so “we can inform you of current bank details for payment.” That email was forwarded to the distributor’s accounting department, which emailed VHA directly for more information on the outstanding invoice. Another email used an internal audit and the Covid crisis as the basis for changing payment details. That distributor saw that the reply email address was a Gmail address and immediately brought it to our attention.

In all of the above cases, personal interaction prevented the criminal from succeeding, but not before inflicting a lot of wasted time and frustration on the victimized party.


What We’ve Done to Prevent Invoicing Fraud

Since becoming aware of these increasing attacks, we’ve done the following to protect both VHA and our customers:

  • We’ve increased the internal security on our servers and network to prevent hackers from gaining access to company computers and emails.
  • We removed our employees’ email addresses from our website to prevent criminals from spoofing email addresses of our people that our customers would recognize.
  • We do not send invoices by regular email as of October 2018. We use a secure email method, fax, or mail. No banking information is sent via email.


How Do You Know It’s Really VHA?

Here are a few things that you as a customer can do if you’re unsure about an invoice that you’ve received from VHA:

  • Give us a call. Our phone number is 1-480-483-4202. That’s the phone number that should be on the invoice. If it’s different, the invoice may be fraudulent. But give us a call just to be sure.
  • Check the “From” email address. Since we’re no longer sending invoices by regular email, if you receive an invoice by this method without prior coordination from VHA, it’s definitely fraudulent. You can also check the header to make sure the sender’s email address ends in  If it ends in anything else, it’s fraudulent.
  • Even if the “From” email ends in, be sure that’s the actual reply-to address. If a “From” email address is spoofed, the reply-to email address is usually coded as something different. If you reply to an email and the reply address doesn’t match, call us instead.
  • Check the “Our People” page to see if the name and position being used is a real person who works at VHA. This isn’t a guarantee that the email is legitimate, but it’s a definite flag if the signature is from a name and position not listed on that page.
  • We don’t use bullying tactics to pressure you into paying an invoice. If you start seeing email messages that threaten or bully you, it’s a sure sign that it’s not us, but a criminal desperate to get your cash.
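The header checks in the list above, as an added example that is not from VHA: a Python script that flags a “From” domain other than the expected one, a lookalike domain, a reply-to address that differs from “From”, and a free-mail address. `vendor.example` is a placeholder for the supplier's real domain; the function names, free-mail list and similarity threshold are assumptions, and the sample messages are constructed.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

EXPECTED_DOMAIN = "vendor.example"  # assumption: placeholder for the real domain
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com"}  # illustrative, not exhaustive


def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def is_lookalike(domain, expected=EXPECTED_DOMAIN, threshold=0.8):
    """True when domain is close to, but not the same as, the expected one."""
    if not domain or domain == expected:
        return False
    return SequenceMatcher(None, domain, expected).ratio() >= threshold


def invoice_mail_flags(raw_message):
    """Return warning flags for one raw message (headers plus body)."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    flags = []
    if from_dom != EXPECTED_DOMAIN:
        flags.append("from-domain-mismatch")
    if is_lookalike(from_dom) or is_lookalike(reply_dom):
        flags.append("lookalike-domain")
    if reply_dom and reply_dom != from_dom:
        flags.append("reply-to-differs-from-from")
    if from_dom in FREEMAIL or reply_dom in FREEMAIL:
        flags.append("free-mail-address")
    return flags


# Constructed sample messages (not real traffic).
SPOOFED = ("From: Accounts <billing@vendor.example>\n"
           "Reply-To: billing.vendor@gmail.com\n"
           "Subject: Outstanding invoice\n\nPlease acknowledge.\n")
LOOKALIKE = ("From: Accounts <billing@vendorr.example>\n"
             "Subject: Updated bank details\n\nSee attached.\n")
CLEAN = ("From: Accounts <billing@vendor.example>\n"
         "Subject: Statement\n\nAs discussed by phone.\n")

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("lookalike", LOOKALIKE), ("clean", CLEAN)):
        print(name, invoice_mail_flags(raw))
```

An empty result is not proof of legitimacy, since a message sent from a compromised mailbox carries the real domain; the phone call remains the deciding check.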

A Final Fraud Case to Be Aware Of

This case didn’t impact any customers, but it’s common enough that you should be on the lookout for it.

A foreign criminal poses as a customer ordering product (in our case, a set of UH-1 tail rotor blades), “accidentally” overpays the invoice amount with a phantom international bank transfer, and then asks the company to refund the difference. The phantom transfer looks as if the funds have arrived, but they actually have not, because it can take up to five days for international funds to transfer. If the fraudulent transaction is not caught, the criminal gets the refunded cash, but the company doesn’t get paid because the initial transaction is withdrawn before funds are transferred. Our bank actually caught this one, so thankfully no funds or product were transferred to the criminal, and of course the accounts the criminal used to create the phantom transfer were untraceable. The case was directed to the FBI by our bank, which is compiling thousands of these cases.