The North of England P&I Club refers to a recent case in which a hacker used an email address very similar to that of a known contact to ask for a payment to be diverted to a different account from the one normally used, and highlights lessons learned to enhance cyber security.
The Club says that the email had seemingly come from the account of the Owners. Charterers duly made two hire payments into what they believed to be Owners’ alternative bank account and evidenced, via SWIFT confirmations, that this had been done. It soon became evident that Charterers had fallen victim to a fraudulent diversion of hire payment.
Lessons learned
- The email received, purportedly from Owners, originated from an account very similar to that of the Owners’ legitimate accounts department. Always check the email address carefully – any changes to the normal address should be treated as suspicious.
- In all prior correspondence originating from Owners’ accounts department, the email was personally signed off. The email received from the fraudsters was simply signed off as ‘Accounts Department’. This is a clue that something is different – be suspicious in these circumstances.
- In circumstances where a bank account has been provided for in the charterparty/fixture recap, treat this as the main account into which payment of hire/freight should be made.
- Do not reply to the email account from which the instruction to make payment into a different account was received. Always use an email address that has been verified as legitimate.
- Never call the telephone numbers provided in the suspicious email. Always use a telephone number that has been verified as legitimate.
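The address check in the first lesson can be automated in a mail filter or a payment-approval workflow. The following Python is an added example, not code from the Club: it flags a sender that is close to, but not identical with, a verified address. The allow-list entry, the confusable-character map and the distance threshold are constructed assumptions.

```python
import unicodedata

# Constructed allow-list: addresses confirmed out of band (for example from
# the charterparty/fixture recap). Hypothetical value, not from the Club's case.
VERIFIED = {"accounts@owners-shipping.example"}

# Small, non-exhaustive map of characters commonly swapped in lookalike
# addresses. It is applied to both sides of the comparison.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "i": "l", "5": "s", "|": "l"})


def skeleton(addr: str) -> str:
    """Fold case, strip accents and collapse common lookalike substitutions."""
    s = unicodedata.normalize("NFKD", addr.strip().lower())
    s = "".join(c for c in s if not unicodedata.combining(c))
    s = s.translate(CONFUSABLES)
    return s.replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(addr: str, verified=VERIFIED, max_dist: int = 2) -> str:
    """Return 'verified', 'lookalike' (near a verified address) or 'unknown'."""
    addr = addr.strip().lower()
    if addr in verified:
        return "verified"
    for good in verified:
        if skeleton(addr) == skeleton(good) or edit_distance(addr, good) <= max_dist:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for sender in ("accounts@owners-shipping.example",
                   "accounts@owners-shiping.example",
                   "acc0unts@0wners-sh1pp1ng.example",
                   "billing@other-company.example"):
        print(f"{sender:40} {classify_sender(sender)}")
```

A 'lookalike' result is the case to hold for verification by telephone on a known number; 'unknown' senders still need the normal checks before any change of bank details is accepted.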
The Club warns that if you receive an email asking you to pay funds due into a different account, telephone your counterpart. DO NOT email them: the malware will create automatic email responses that will appear genuine.
Source: The North of England P&I Club