Marine cyber fraud alert
According to Financial Fraud Action, a financial scam takes place every 15 seconds. The scams frequently fall into the category of cybercrime.
According to Financial Fraud Action (“FFA”), a financial scam took place every 15 seconds in the first half of 2016. Whilst methods of scams vary, they frequently involve computers and bank transactions and would fall into the category of “cybercrime”. The marine industry is not immune from attack. Cyber gangs are targeting the shipping industry and its wider service industries, including insurers.
One case in which we were recently involved concerned the payment by a vessel owner to their agent in respect of agent’s fees incurred during a port call. Whilst the money should have been transferred to the agent’s bank in the Middle East, it ended up in a bank account in Leicester! By the time the scam was discovered the money in the UK account had been cleared and moved on several times such that tracing it would have been expensive, time consuming and most likely, ultimately futile. Cyber crimes such as this rarely generate traditional lines of enquiry and sources of evidence. There are rarely witnesses, the crimes can be hidden for long periods of time and the fraudsters are not constrained by national borders.
In our recent case the scam was made all the more credible because it was perpetrated by fraudsters who;
- Were sophisticated enough to be able to open a bank account in the same name as the real agent,
- Sent payment instructions to the vessel owner via a very similar email address to that used by the real agent, and
- Knew the vessel owner was expecting payment instructions from the real agent.
Such intimate knowledge of operational arrangements and identities suggests a certain degree of “insider knowledge” somewhere in the operational and contractual chain.
Other cases have involved the IT systems of the remitting company being hacked so as to change the payment instruction to divert funds to the fraudsters’ account.
Organisations such as Action Fraud (UK police fraud and cyber crime reporting unit) will do what they can, but their ability to prevent or assist comes down to resources and priorities and in our experience, that resource is more generally diverted to individuals rather than corporate entities.
The reality, as ever, is that prevention is far better than cure. Organisations should conduct transactions vigilantly. FFA has just launched their “Take Five” campaign which urges people to stop and think before responding to any financial requests. We know of one P&I Club whose payment policy is now to call the requester of funds by telephone and get the requester to confirm the bank details before any transaction is made. This is a simple step but one which could ultimately prevent the scam.
Should you have any queries please do not hesitate to contact Phil James, Partner & Head of Marine on 0151 243 9849 or email firstname.lastname@example.org