Beware of cyber fraud

ITIC has issued several circulars to members since 2015 warning of fraudulent messages altering bank details and the fraudulent diversion of port expenses, which can be seen here. Unfortunately ITIC is still seeing evidence of similar frauds being perpetrated across the wider marine industry and advises all members to be vigilant.

The basic feature of these frauds is that a party due to make a payment will receive a fraudulent message altering the bank details of the recipients. Examples have included the diversion of freight payments, hire, cash to master and ship agents’ disbursements.

On close examination the email addresses used by the senders of these messages are often very slightly different to the genuine ones, with perhaps a single letter being omitted, or maybe the end of the address being different, for example:

info@itc.com (omission of i in ITIC)
info@itic.uk (change of domain name)

Research from Cambridge University has shown that we do not read every letter in a word, but the word as a whole. Often the only important aspect is the first and last letters being in the correct place.

The example is:

“It deosn’t mttaer in what oredr the ltteers in a word are. The iprmoatnt tihng is that the frist and lsat ltteer are in the rghit pclae”.

ITIC advises anyone receiving a message changing bank account details to view it with suspicion and to take steps to independently verify the instructions. The check should not involve replying to the suspect email but by using a different channel of communication or at the very least re-entering the email address copied from a message known to be genuine.

ITIC particularly advises anyone receiving a message changing account details to view it with suspicion and to take steps to verify the instructions by a different communication method, preferably by telephone.

You are currently offline. Some pages or content may fail to load.