By selecting UK flag, you have now set your site language to English. If you'd like to change your language preference again, simply click on one of the other flags.

Close

こちら Japan flag を選択して頂くと、言語設定が日本語に切り替わります。設定変更後は以下の機能が利用可能です。

  • 日本語版ウェブサイトへのクイックアクセスが可能となり、日本語の刊行物をご覧頂けます。

  • 日本語版が閲覧可能な刊行物や記事については、日本語が優先表示されます。表示言語については Japan flag をご参照下さい。

閉じる 言語設定を切り替えたい場合には、国旗のマークをクリックして下さい。

By selecting Japan flag, you have now set your language to Japanese. This has several benefits, including:

  • Providing quick access to our Japan page, which collates all our Japanese content in one place.

  • Ensures that content is presented to you in Japanese first, if we have an article, publication or webpage available in Japanese. Look out for the Japan flag indicators across the site.

Close If you’d like to change your language preferences again, simply click on one of the other flags.

点击选择 China flag,可将网站语言设置为中文。这能帮助您:

  • 快速访问我们的中国区页面,该页面将有网站内容的中文汇总。

  • 在我们的文章、出版物或者网页有中文版本提供的情况下,确保首先向您展示的是中文版本的内容。您可关注站点上的 China flag 按键。

关闭 点击任意其他国旗,可切换您的语言偏好。

By selecting China flag, you have now set your language to Chinese. This has several benefits, including:

  • Providing quick access to our China page, which collates all our Chinese content in one place.

  • Ensures that content is presented to you in Chinese first, if we have an article, publication or webpage available in Chinese. Look out for the China flag indicators across the site.

Close If you’d like to change your language preferences again, simply click on one of the other flags.

Fraud by Email - Misdirected Payments

Everyone is at risk of becoming a target of cyber fraud and recent experience has shown that the shipping industry is particularly vulnerable.  In this article we discuss a very common fraud in shipping.

Unfortunately, some of North’s Members have been the victims of ‘cyber’ fraud in cases where money paid to a provider of goods or services was diverted to criminals. Virtually the same methods were used in every case.  Here’s what happened:

1.  Members (owners or charterers – the criminals are happy to steal from anyone!) entered into email discussions with a third party for provision of goods or services e.g. bunker suppliers, port agents etc.

2.  During the email discussions, the price was discussed and bank details provided for payment.

3.  The email discussions were then intercepted by criminals, who had gained access to one or both parties’ email systems.

4.  The criminals then continued the email discussion, as if they were one of the genuine parties, using a very similar email address (created specifically for the relevant transaction) to that of either one or both of the parties e.g. shippers@shipping.com might be the address of one of the parties but the criminals would use a very similar address e.g. shippers@shpping.com, with a difference that may not be noticed by someone who is busy.

5.  Where bank details had already been given, the criminals told the paying party that they should use different bank account details to those already provided and they gave believable reasons for the change.  In another case, the criminals intercepted the email discussion before bank account details were provided, but after they had been requested. You only ever see one set of details if this occurs.

6.  In some cases, vessels were arrested by the unpaid service/goods provider.

7.  In most cases, the criminals were successful and Members had to pay twice.

8.  In all cases, there was disruption to Members’ business and lost personnel time.

If you are lucky, funds might be stopped by a bank but this cannot be relied upon. 

The criminals’ methods are simple and take advantage of the following facts:

1.  Shipping is a fast-paced, globalised industry where time is money and most transactions are carried out by email, quite often with new parties.

2.  People are motivated to do a good job. They will naturally want to help the genuine third party to be paid and will be efficient in doing so.

3.  The human brain will generally “auto correct” apparent mistakes so that information is interpreted as expected e.g. the word “shpping” will still be recognised as ‘shipping’ even if there is a letter “i” missing, unless you are very vigilant.

The use of remote technology (laptops, smart phones, tablets etc.) and generic email addresses with the same passwords provide criminals with more opportunities to access email systems.  A hack is not necessary if criminals can get hold of (or guess) genuine passwords, or a laptop or phone left momentarily unattended. 

If In Doubt, Check It Out!

No email system can be truly secure, so it’s important to be vigilant to warning signs that could help you to avoid becoming a victim of this very common  ‘cyber’ fraud.  The warning signs might be:

  • An email address that doesn’t look quite right; if in doubt, check it out.
  • Being asked to use different bank account details; if in doubt, check it out.
  • Being provided with details of a bank that is in a different country to the party to be paid; if in doubt, check it out.

Taking 5 minutes to make a phone call to the other party (using a known telephone number; not the one on the suspect email) might help you to avoid losing both money and time. Having a standard procedure that requires this step where a change is made or an email address does not seem right is good practice. Raising employees’ awareness can also greatly increase the chances of spotting simple frauds such as this.

For more infromation on cyber related risks, please visit our Insights Area. 

Did you spot the deliberate mistake in the spelling of ‘information’ above?

This website, www.nepia.com, is now in archive and will not be updated with new content. The website will remain accessible for a short time as we complete the transfer of relevant content to the new NorthStandard website (north-standard.com).

If you would like to access the ECDIS training assessment app (ETA), you can still register for app access via MyNorth.

Please head to north-standard.com for the latest industry news, expert analysis and publications, club rules and contacts, and access to our newly launched digital tools specifically designed to support your operations.

TAKE ME TO NORTH-STANDARD.COM