Ship Management International column - Virtual robbery

To see the article as it appears in Ship Management International, please click here. The article can be found on pages 58 -60.

It is a fact that violent crime has significantly reduced over the last few years.  Why is this? Criminals have not changed; they still want to get their hands on your money. The answer is that it is easier stealing money in cyber space than robbing a bank in the real world. Shipping will always be an attractive target for fraudsters because of its international focus. ITIC has seen this trend of cyber fraud ever increasing, particularly involving fraudulent emails. The average cost of these frauds is US$120,000. 

The classic scenario involves the payment of invoices and the subsequent transfer of funds from one account to another. The background communication and the invoice are usually by email. A fraudster will learn that a transfer of funds will be made, either from insider knowledge or by hacking into your or your contractor’s network. They will set up a new, but very similar email to the one the ship manager was previously responding to. For example the suffix of the email address will change from .com to .uk or .eu.  The difference is subtle and can easily be missed when many emails are being received daily. The fraudster will advise the ship manager that the account where payment was to be made is no longer in operation and a new account must be used. The excuse given is that the bank account has changed or is under audit.  Businesses very rarely change an account nor do they close an account when under audit.

Ship managers deal with large sums of owners’ money to service and keep a vessel running. In one instance the ship manager instructed a life boat service company to carry out the annual service of the life boats. The correct invoice was sent by email to the ship manager, but was intercepted enroute (in cyber space) and a different email was received. In this instance the domain name of the service company contained the word “lifeboat”. The fraudsters simply changed the lower case l for an upper case i (I).  Almost impossible to distinguish. Our advice in such instances is not to make a payment to an email advising of a change of bank details before taking separate steps to verify those instructions. One of the best resources you have is the telephone – use it!

A further scenario involves the theft of “cash to master” funds. In one case the ship manager received a message asking if the money could be sent directly to the agent’s foreign exchange broker who could secure banknotes which were in short supply in that part of the world. The manager’s member of staff queried the instruction replying to the email “As we don't know broker, would it be possible to remit CTM to your bank account as usual?” Of course they received confirmation of the new arrangement from the same e-mail address.  Again you must verify the instructions - don’t use the reply button as it will be the fraudster you are communicating with! 

ITIC’s professional indemnity cover will respond to situations where the ship manager has been negligent.  For example in the above claims examples the ship manager had seen the message and may have been negligent by failing to spot the fraudulent address.

The situation is different however if the message was created by fraudsters accessing your own computer system and sending a message to a third party. The difficulty in this scenario is you have not seen the message and you are unaware a fraud is happening. Any loss or harm caused by this fraud does not arise from your negligence.  ITIC has therefore developed a new additional cover that will insure you either for acts by people who gain access to your computer network without your permission or by those who were granted access for a legitimate purpose but misused that access to cause a loss or harm to a third party. 

ITIC is recommending that if there is anything unusual about payment instructions that you call the counter party to discuss and verify.

Documents

You are currently offline. Some pages or content may fail to load.