The International Transport Intermediaries Club (ITIC) flagged up how making a simple phone call can avoid fraudulent payments being made to cyber-criminals.
The insurer gave the example of how cyber-criminals infiltrated communications between a ship manager and a shipyard over payments for repair works.
The ship manager had already received an email from the yard detailing payment for the first instalment of repair work, a day before the payment was due a second email was received by the manager saying the payment routing had changed due to a “certain difficulty”. The manager did not notice the email address had been spoofed with part of it changed from “irn” to “im”.
A new invoice was received, on the same template, and the manager made payment, thinking that they had paid the shipyard but in fact the monies were sent to fraudsters. The cyber-criminals even sent a receipt of payment, which appeared to come from the yard.
A few days later a second invoice from the yard was also intercepted by the cyber-criminals, and same process with a fake invoice repeated.
“In total, the ship manager paid $500,000 to the fraudsters and, as the yard had received nothing, they claimed this amount from the ship manager. With ITIC’s involvement, the claim was reduced to $360,000 to reflect that the yard was partly at fault for not operating secure internal systems. ITIC settled the claim,” the club explained.
A simple phonecall made to the yard to confirm changes in bank details could have avoided the fraudulent payments. ITIC also stressed companies should use a number they trust for such verification purposes, and not the one that is stated on the potentially fraudulent invoice.
Copyright © 2021. All rights reserved. Seatrade, a trading name of Informa Markets (UK) Limited.