In its November edition of Phish and Ships, Be Cyber Aware at Sea focuses on how to get ahead of the hackers in light of increasing cyber attacks. Security experts recommend that shipowners improve the training of their staff so that they can rapidly identify fake emails, and ensure they are ready to adapt to the IMO 2021 changes.
Based on the IMO Resolution “Maritime Cyber Risk Management in Safety Systems”, shipping companies, managers and operators must implement cyber security policies based on the ISM Code by 1 January 2021. The regulation will help maritime companies be aware of cyber criminals and recognise the importance of cyber risks. Many companies have already made cyber risk a top priority and adopted new techniques in their Safety Management Systems in order to avoid those risks.
However, it is a fact that some shipping companies will not be fully prepared in 2021, leaving them exposed to cyber threats without being aware of it; consequently, hackers could attack and obtain passwords or use emails to penetrate them.
The key to avoiding those hackers, apart from cyber security guidance, is well-trained staff who immediately recognise fake emails. The following checklist by Mike McNally, GT Maritime director, covers what to question and check in emails in order to stay protected.
Do not follow suspect links: There is no fool-proof way to tell whether an email is legitimate. It is better to think twice about how to proceed and not click on any links.
Check the email sender and URL: Check whether the sender’s domain (detailed after the @ sign in the email address) matches the claimed source of the email. Fraudsters deliberately use incorrect spellings of legitimate domains in the hope of evading detection.
Check that links lead where they are supposed to: Hovering the mouse over a link will reveal its destination URL. If the link is not related to the claimed destination, do not click.
Check for a personal salutation: Legitimate senders will usually address their customer by name, while phishing attempts are likely to use a generic greeting.
Take time to review the email: Phishing emails often include time-sensitive requests. Review all emails to ensure they are genuine before acting on any request.
Do not give out personal or sensitive information: Be cautious about emails requesting account details or other sensitive information. Contact the sender in another way to confirm the legitimacy of their request.
Check the design and quality: Phishing emails often contain poor spelling and grammar, or incorrectly reproduce graphics stolen from the claimed source.
Ask for help: If you receive a suspected phishing email, forward it to your IT department.
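As an added example (not part of the article or of GT Maritime's guidance), the script below applies the two checklist items a machine can help with, checking the sender's domain and checking that links lead where they claim to, to a constructed sample message; the ShipCo name, the addresses and the expected domain are assumptions made up for the demonstration.

```python
import re
from email import policy
from email.parser import BytesParser
from urllib.parse import urlparse

# Constructed sample (not a real message): the display name claims a known
# supplier, but the sender domain is a misspelt lookalike and the visible
# link text shows a different host from the real href destination.
SAMPLE_EMAIL = b"""From: ShipCo Accounts <accounts@shipc0.example>
To: master@vessel.example
Subject: Urgent: confirm your account within 24 hours
Content-Type: text/html; charset=utf-8

<html><body><p>Dear Customer,</p>
<p>Please visit <a href="http://198.51.100.7/login">https://portal.shipco.example/login</a>
within 24 hours to keep your account active.</p></body></html>
"""

ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)

def host_of(url):
    """Lower-case host part of a URL ('' if there is none)."""
    return (urlparse(url.strip()).hostname or "").lower()

def check_email(raw, expected_domain):
    """Apply the 'check the sender' and 'check the links' items to one message.
    expected_domain (assumption) is the domain the recipient knows the claimed
    sender really uses, e.g. from a previous genuine message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    addresses = msg["From"].addresses if msg["From"] else ()
    sender_domain = addresses[0].domain.lower() if addresses else ""
    if sender_domain != expected_domain.lower():
        findings.append(f"sender domain {sender_domain!r} != expected {expected_domain!r}")
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body is not None else ""
    for href, text in ANCHOR_RE.findall(html):
        text = re.sub(r"<[^>]+>", "", text)  # strip nested tags from the visible text
        # Visible text that looks like a URL must point at the same host as the href.
        if text.strip().startswith(("http://", "https://")) and host_of(text) != host_of(href):
            findings.append(f"link text shows {host_of(text)!r} but goes to {host_of(href)!r}")
    return findings

if __name__ == "__main__":
    for finding in check_email(SAMPLE_EMAIL, "shipco.example"):
        print("FLAG:", finding)
```

An empty result does not prove a message is genuine; it only means these two mechanical checks found nothing, and the remaining checklist items still apply.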