Cyber-crime connected with fraudulent demands for payments continue to plague the maritime sector as a large claim handled by the International Transport Intermediaries Club (ITIC) demonstrates.
A ship manager received an email from a shipyard detailing the first payment that was due for agreed repairs. The ship manager scheduled the payment but on the day before the monies were to be released, the ship manager received a further mail. This message explained that due to a certain difficulty, the routing details for the first payment had been changed. However, this second email was fake and was not noticed by the ship manager (in effect, the fraudster has simply changed part of the email address from “irn” to “im”).
The ship manager soon received a replacement invoice and new routing instructions – on an identical template to the original – from the fraudster and made the payment. Shortly afterwards, they received payment confirmation.
A few days later, the yard sent a further invoice which was intercepted by the fraudsters and replaced with a fake invoice and fake payment details.
In total, the ship manager paid US$500,000 to the fraudsters and, as the yard had received nothing, they claimed this amount from the ship manager. With ITIC’s involvement, the claim was reduced to US$ 360,000 to reflect that the yard was partly at fault for not operating secure internal systems. ITIC settled the claim.
ITIC reinforces its advice that all companies should be very aware of vendors or partners who change their bank details and should always telephone to confirm. And when doing so, they must use a phone number they trust, and not simply the one stated on the (potentially fraudulent) invoice.