Cyber Fraud

23 December 2016

Members will already be aware the growing threat of cyber fraud as outlined in the Club’s News Alert of 1 July 2015 (click here), which highlighted in particular the interception of genuine emails setting out bank account details and replacement with an email containing the fraudster's bank account. 

The Club is aware of an increasing number of incidents so Assureds are reminded to be vigilant and to be duly diligent by putting in place appropriate procedures in order to combat the risk of cyber fraud. Such procedures include carrying out checks to verify a change of bank account by speaking on the phone with a known contact at the relevant company and/or checking that payment is being made to an existing bank account that has been successfully used previously. Assureds should be extra vigilant when they receive a request to make a payment to a new and/or different account, whether this is for agents, suppliers of goods/services, or payments due under the charter particularly where the bank account is already specified. As mentioned in the Club’s previous News Alert, care should be taken to avoid simply replying to an email that sets out new account details, even if it appears to originate from the correct/usual email address for the contact.

In addition, companies and ships are at risk of cyber-attack generally and it is recommended that Assureds take appropriate action to minimise those risks, including having up to date firewalls and training for staff. A virus can easily be introduced by the simple and seemingly innocuous use of a USB stick in, for example, one of the systems on board or at a company’s offices. The virus may render a whole system inoperable with ransoms being demanded, or may be more low key in gathering information, eg. they may find out when and which ships are sailing without armed guards and know when they are more vulnerable to attack.  For more information, Members are reminded of the Club’s Stop Loss article on Cyber Risks of September 2016 which can be accessed by clicking here.