The London P&I Club is aware of an increasing number of incidents related to cyber fraud and reminds Assureds to be vigilant and to be duly diligent by putting in place appropriate procedures in order to combat the risk. In the past, the Club highlighted cases which involved in particular the replacement of genuine emails setting out bank account details and replacement with an email containing the fraudster’s bank account.
Such procedures include carrying out checks to verify a change of bank account by speaking on the phone with a known contact at the relevant company and/or checking that payment is being made to an existing bank account that has been successfully used previously. The Club says that operators should be extra vigilant when they receive a request to make a payment to a new and/or different account, whether this is for agents, suppliers of goods/services, or payments due under the charter particularly where the bank account is already specified.
As mentioned in the Club’s previous News Alert, care should be taken to avoid simply replying to an email that sets out new account details, even if it appears to originate from the correct/usual email address for the contact.
In addition, companies and ships are at risk of cyber-attack generally and it is recommended that Assureds take appropriate action to minimise those risks, including having up to date firewalls and training for staff. A virus can easily be introduced by the simple and seemingly innocuous use of a USB stick in, for example,one of the systems on board or at a company’s offices.
The virus may render a whole system inoperable with ransoms being demanded, or may be more low key in gathering information, eg. they may find out when and which ships are sailing without armed guards and know when they are more vulnerable to attack.
Source: The London P&I Club