Menu
What's new
By:
Filters

Has Jeppesen been hacked?

G

Group W

Instrument Training
Joined
Oct 8, 2019
Messages
1,598
Location
Oregon 7S3
I get a ton of scam email and a message claiming to be from Jeppesen has the definite smell of a scam but it has some interesting features.

First, it has my correct name and Jeppesen account number, although I haven't used that account for quite a few years. It references ForeFlight which I do use but is automatically renewed. It contains an "invoice" which, unlike old legitimate invoices, is an Excel (.xlxs) file rather than .pdf. It's requesting payment of $450 without explicitly saying what for -- and that's the amount I used to pay years ago for data base updates for a GPS unit I've since replaced (and not the amount I pay for my only current Jeppesen product, ForeFlight). So it appears to be a sort of copy of a real invoice I got from Jeppesen years ago. I don't currently owe Jeppesen anything.

But what's really interesting is that it's asking for payment by direct wire or ACH, check, or credit card. The mailing address for check payment is actually Jeppesen, and the credit card payment URL is at Jeppesen.com. The "Finance Account Manager" email address is at Jepp.com which also belongs to Jeppesen. So it appears that the scammer can intercept some web and email Jeppesen addresses. I've forwarded a copy of the message and attachment to Jeppesen.

I strongly recommend that you don't respond to one of these, and by all means never follow a link and leave your credit card, bank, or other personal information.

Roy
 
This is getting weirder yet. I reported it to the email address given by the chatbot at the Jeppesen web site (captain@jeppesen.com) and got this reply today:

Hello Roy,

Good day, hope you're doing well!

We have set up our system for automated statement of account sent to our customers, which will be sent on weekly basis.

In this case, yes you have paid $450.00 in 2016 11th Dec, but the payment is still on account with us, it’s not applied to any invoice. so you're receiving this notification.


Regards,
A B Sanjana
Jeppesen Cash application Analyst
a.b.sanjana@jepp.org
=======================================================
Tata Consultancy Services- India
For any Escalation – sachin.s.jaiswal@jepp.org
Click to expand...

which makes no sense, and I got another "invoice" this morning. Does anybody have any idea what's going on? Is this stuff really coming from Jeppesen or some company they've contracted with? Does Jeppesen actually have control of jeppesen.com and jepp.com? All I know for sure is that the "invoice" is asking me to pay $450 I don't owe. A scan of the web shows I'm not alone.

Like many companies today, I can't find on their web site any way to contact Jeppesen by phone.

Roy
 
Thanks, Brian!

I just called the number, and selected the "sales" option. He told me they'd been getting a lot of calls and held a meeting to resolve it. The messages are being sent from their Indian contractor, and the reason they were sent is that I have a credit of $450, apparently from some data base update payment in 2017. The message attachments were, however, mistakenly worded as invoices requesting payment, and instructions for how to pay. The person I talked to confirmed my address and said that I would be sent a check for $450.00.

The next and hopefully final chapter of this drama will be posted when and if I see the check and it clears the bank.

Roy
 
Cool ending! Not what I was expecting! :D
 
Plot twist! I was going to say the mailbox had been popped and the scammer was redirecting replies elsewhere or hiding them from mailbox owner. We got a lot of fake invoice scams sent to staff saying payment for this or that conference is past due. The amounts are usually $35k and up.
 
You must log in or register to reply here.
Top Bottom