Big trouble in China

A ship manager oversaw the repairs of a ship at a shipyard in China. On August 10th 2018 the ship manager received an email from “Azula” at the shipyard concerning the first payment due for the repairs.

The details provided by “Azula” were the ones that had been previously used. The payment was scheduled for 14th August.

However, on 13th August a further e-mail was received from “Azula” advising that due to problems caused by Iranian customers the management board had requested another payment routing for the required first payment. However, this was a fake “Azula” as part of the e-mail address had been changed from “irn” to “im”. This was not noticed.

As a result the first payment was stopped whilst the new bank details were awaited. A new fraudulent invoice was received on the same template as the original from the fake Azula. Trusting the new invoice, payment was made on 14th August 2018.

On 16th August a statement was received from the fake Azula/hackers confirming the above payment along with the technical inspector’s signature. Subsequent investigations would show that the hackers had full access to both the shipyard’s and manager’s systems.

On 22nd August an invoice was sent by the real Azula which the hackers intercepted and issued a replacement fake invoice with their fraudulent bank details.

In total two payments were made to the hackers in the sum of US$ 500,000. As the shipyard had not received payment, they claimed this sum from the owners. ITIC was able to negotiate a reduction with the yard toUS$ 360,000 due to the fact they were partly at fault for allowing the hackers access to their system. This sum was covered by ITIC.

As always, any change to bank details should be a red flag in terms of spotting potential frauds and you MUST verify by using the phone. Do not use the phone number on the email correspondence, as it may be that of the fraudsters.