Cyber Fraud – Payments of Agent’s Fees to Fraudulent Accounts
1 July 2015
Over the past year, the Club has become aware of an increasing number of instances of cyber fraud involving Members. The vehicle for the fraud in each of those instances was the interception of the ship’s agent’s emails and/or the hacking of the ship’s agent’s email account resulting in a request to send expected funds (e.g. anticipated disbursement accounts or cash for the Master) to a new bank account.
The fraudulent emails on most occasions originated from the agent’s own email address (if their server had been hacked) or an email address extremely similar to the agent’s genuine email address and provided bank account details with only subtle differences from the agent’s genuine bank account. Since Members do not have any control over the security of an agent’s email accounts, as a precaution it is suggested that an additional check be implemented for any requests to make payments to new bank accounts (either where the agent has not been paid by Members previously or because the account details are different to an account that has received funds previously). In particular, the Club suggests that the check includes independent verification of the bank details provided with a known contact by telephone or through a fresh email (rather than responding to the email requesting the change in bank account details which may itself be fraudulent). Whilst this will inevitably increase the amount of administration associated with payments for Members, it offers protection against the loss of potentially significant sums.