UAE HR firm loses Dh50,000 in cyber scam

An HR services company in the United Arab Emirates (UAE) has lost nearly Dh50,000 after cybercriminals impersonated Emirates Flight Catering (EKFC), one of the country’s largest catering firms.

Although the scam occurred last month, the HR firm uncovered it recently after communication abruptly stopped. Only to realise it had been in contact with impostors posing as EKFC. The fraudsters have been using near-identical email domains i.e. vendor-emireteflightcatering[.]com and vendor-emiretesflightcatering[.]com, with subtle misspellings of “Emirates.” The sender’s display name appeared as “Emirates Flight Catering EKFC”, which boosted their credibility.

Other red flags included: no official EKFC staff were copied on the emails, the domains were misspelled versions of emiratesflightcatering.com, and the fraudsters applied heavy pressure to push through the transfer.

EKFC acknowledged being alerted to the fraudulent activity and is collaborating with authorities, urging partners and suppliers to be vigilant. 

The HR firm, which had previously worked with EKFC via a middleman, was told the caterer was “back online” and accepting direct partnerships. The process looked authentic, including a “refundable registration deposit” and a US$300,000 bond later in the approval stage, mirroring real contractor onboarding.

The funds were linked to a digital bank account in Abu Dhabi under the name “Emirates Flight Catering EKFC,” as per the documents reviewed by Khaleej Times. It remains a mystery how the fraudsters managed to open an account using EKFC’s official name. 

In a media statement, an EKFC spokesperson said, “We have been alerted to fraudulent activities impersonating our company. We are cooperating with authorities to investigate and take legal action. We advise caution against unverified requests for funds or information. As a policy, Emirates Flight Catering does not charge any fees for supplier registration. More details are available on our website: https://www.emiratesflightcatering.com/procurement” and https://www.emiratesflightcatering.com/procurement 

Sharing the case with Khaleej Times, Cybersecurity firm Kaspersky explained how even seasoned businesses can be tricked when criminals exploit familiar processes. 

Maher Yamout, lead security researcher at Kaspersky said, “Fraudsters often use minor details, like a misspelled domain or urgent payment requests, to rush victims into action. Business email compromise (BEC) attacks are among the costliest cyber threats globally, and the UAE is no exception.”

Yamout also shared some mandatory safety advice against such cyberfrauds: 

For individuals:

• Always double-check domains before replying or transferring money.
• Verify payment instructions by phone with trusted company contacts.
• Require multiple staff approvals for large transfers.
• Check recipient details on DED Dubai.

For businesses:

• Conduct regular cybersecurity awareness training year-round.
• Deploy brand monitoring tools to detect suspicious lookalike domains.

You may also like:

• Top HR Leadership Appointments– August Highlights
• Google cuts 35% of small-team managers in efficiency drive
• Culture, AI Skills, Care or Big Bonuses? What EX in 2025 truly means
• Intern to CEO: What Michael Fiddelke’s leadership journey tells us about employee experience
• Report finds UAE workers spending extra hours in office to ‘keep up'

Such cyberfrauds are a global threat, as business email compromised scams are surging, leading to billions of dollars in annual losses. In regions like the Gulf, where vendor partnerships are frequent, experts warn that fraudsters see this as a fertile ground.

Yamout stressed that it is critical to report such incidents quickly to banks and police, both to improve recovery prospects and to prevent others from being targeted.