False or scam emails – warning
IMCA seeks to bring to the attention of members the increased risk to businesses of email fraud. Two events in 2015 serve to highlight this risk. Both of them were attempts to defraud business organisations using email. One of them, sadly, was successful.
Incident 1
Information has been brought to IMCA’s attention regarding a scam or fraud attempt made, whereby an ‘internal’ email was received which purported to be from a Chief Executive. The email appeared to come from the correct and bona fide email address; it was personally addressed to the correct person dealing with such matters, and it contained clear instructions, again ostensibly from the CEO, to pass certain confidential details to certain private email addresses.
It was a fake ‘phishing’ email – an inappropriate attempt, by persons unknown, to extract information. members should be aware of the risks of email theft and scamming of this sort and should be alert to the possibility that emails that appear to be from legitimate email addresses may prove to be fake.
As with bank phishing scam emails, close attention should be paid to the details of wording, spelling, grammar and context, which often provide clues to the fact that an email is fake. In the above example, the suggested use of private email addresses for professional purposes was the clue to the email being a scam. In this case, the attempt to defraud was not successful.
Members may have been aware of recent news items about ‘CEO scam’, where ostensibly legitimate instructions, often for transfer of funds, appear to arrive from the CEO of an organisation.
Incident 2
A member has reported an attempt in which a company was defrauded of several hundred thousand dollars through email fraud. The incident occurred when the company was seeking to legitimately purchase reconditioned equipment from a vendor in a different part of the world.
This was a deliberate attempt to defraud lasting several weeks, involving more than one email. By using a subtle and difficult to notice change to email addresses, the fraudster was able to persuade employees of the company to transfer funds into a bank account other than that specified by the true vendor of the equipment.
Whilst the incident was reported to the local police, to the banks involved and to Interpol, the international nature of the fraud meant that the funds could not be recovered.
Lessons learnt:
Members should remain vigilant, liaise with their own IT departments and to continue to work to ensure the safety and security of their internal and external email communications.
To reiterate, close attention should be paid to the following:
- Changes to bank account numbers, addresses of legal entities or any other significant information;
- Details of wording, spelling, grammar and context – these can often provide clues to the fact that an email is fake;
- The use of private or personal email addresses in the business world. This can sometimes – but not always – be a clue;
- Subtle changes to the email address or to the servers or internet domains from which they are sent;
- Links provided which may inappropriately divert the user to websites other than those intended for business use.
It is of particular importance to take care when there is unfamiliarity with terminology or when administration of this sort is being carried out by persons whose first language may not be the same language as that in which the business communication is taking place.
IMCA has a Security Workgroup that is a workgroup of the Safety, Environment & Legislation (SEL) Core Committee. Though initially created to address piracy and the International Ship & Port Facility Security (ISPS) code, part of its work today is to address ‘cyber security’ issues of this sort. Further information can be found from IMCA technical adviser Chris Baldwin
More information on the CEO email scam can be found at bbc.co.uk/news/business-35250678
Safety Event
Published: 24 February 2016
Download: IMCA SF 05/16
IMCA Safety Flashes
Submit a Report
IMCA Safety Flashes summarise key safety matters and incidents, allowing lessons to be more easily learnt for the benefit of all. The effectiveness of the IMCA Safety Flash system depends on Members sharing information and so avoiding repeat incidents. Please consider adding [email protected] to your internal distribution list for safety alerts or manually submitting information on incidents you consider may be relevant. All information is anonymised or sanitised, as appropriate.
IMCA’s store terms and conditions (https://www.imca-int.com/legal-notices/terms/) apply to all downloads from IMCA’s website, including this document.
IMCA makes every effort to ensure the accuracy and reliability of the data contained in the documents it publishes, but IMCA shall not be liable for any guidance and/or recommendation and/or statement herein contained. The information contained in this document does not fulfil or replace any individual’s or Member's legal, regulatory or other duties or obligations in respect of their operations. Individuals and Members remain solely responsible for the safe, lawful and proper conduct of their operations.