Mexican wave goodbye to funds

Watch EU Underwriter, Elena Evriviadou, explain this claim here. 

A pool manager sent an email to the owner of a ship notifying them of the intention to make a payment of US$320,000 and requesting confirmation of the relevant bank details. The bank details received in response were obtained from a fraudulent email, and the funds were subsequently transferred to an account in Mexico which did not belong to the owner.

Although the police and the involved banks were notified immediately, the payment could not be intercepted or recovered.

The pool manager had appropriate procedures and supervisory controls in place. However, on this occasion, the correct checks were not fully followed due to workload pressure, and one of the required supervisory approvals was inadvertently bypassed. Additionally, the pool manager did not carry out a verbal confirmation of the change in bank details.

ITIC indemnified the loss up to the policy limit of US$250,000, less the deductible.

A request to change bank details is a red flag. Always check with the payee by telephone on a number already known to you or that is publicly available, not the number on the potentially fraudulent email or invoice. If you are passing on such changes of bank details at the very least, you should make your principal aware you have not checked them (if you have not) and advise them to do so before paying.