In a recent article, North of England P&I Club informed about misdirected payments, noting that everyone in shipping industry is at risk of becoming a target of cyber fraud. Specifically, the Club underlined that some operators have been the victims of ‘cyber’ fraud in cases where money paid to a provider of goods or services was diverted to criminals.
According to North, the methods used in every fraud case were quite similar. When two parties were negotiating the practicals of some financial transaction, right before they exchange bank accounts or right after, the criminals would take over one or both parties’ e-mail systems. They did that by using a very similar address of either of the parties and then continuing the e-mail discussion. If the two parties had already given bank accounts’ details, the criminals would tell the paying party to use different bank account details to those already provided and they gave believable reasons for the change.
The results of these criminal activities can be summarized to:
- vessels being arrested by the unpaid service/goods provider,
- criminals succeeding and operators having to pay twice,
- disruption to business and loss of personnel time
In order to succeed, the criminals take advantage of three main things:
- Shipping is a fast-paced, globalised industry where time is money and most transactions are carried out by email, quite often with new parties,
- People are motivated to do a good job. They will naturally want to help the genuine third party to be paid and will be efficient in doing so,
- The human brain will generally “auto correct” apparent mistakes so that information is interpreted as expected e.g. the word “shpping” will still be recognised as ‘shipping’ even if there is a letter “i” missing
The Club notes that no email system can be truly secure, so operators must be vigilant to warning signs. North advises:
- Check if an email address doesn’t look quite right
- If you are asked to use different bank account details, check it out
- In case you are provided with details of a bank that is in a different country to the party to be paid, check it out.