Emails and Documentary Fraud

29 Ноя

В настоящей публикации рассматриваются довольно специфические для морского бизнеса способы мошенничества. Одновременно, даются рекомендации по оперативной защите от подобного мошенничества.

Shipping frequently involves large volumes of cargo moved globally and with it substantial costs and fees. As such, there will always be some rotten apples in the barrel looking for a way to make money at someone else’s expense. So the importance of accurately knowing your contractual counterparty is essential.

Currently the most common scenario is where ship owners or operators receive a message advising them of revised banking details in respect of earlier payment instructions from their agent for an advance port call disbursement; pre-paid break-bulk cargo; or the chartering broker for collecting freight payments for the disponent owner of the vessel.

These actions typically result in losses due to:

  • Non-payment of freight or demurrage to genuine counter parties.
  • Misdirected payments to unknown parties.
  • Phantom advance disbursements to fraudsters who have set up a fake company for this very purpose

These types of intercept fraud may result in theft of tens of thousands and occasionally over 100,000 dollars or euros perhaps even via accumulated transactions before it is uncovered. In cases investigated so far, the client’s agents who have purportedly sent the messages have unknowingly had their email systems compromised (or hacked) and fake emails sent as if from them to their ship owner or chartering clients, usually with a fake reply to address engineered into the system. The following fraudulent techniques were used to extract funds.

Tactic 1: Masking of modified links or email addresses

How to check: Hovering on the ‘hyperlinked text’ will reveal the underlying address in the bottom left corner of your screen*.

Warning signs: Sender’s email address doesn’t match with the trusted contact details; or the email shows a completely different address, or a free web mail address.

Tactic 2: Redirection of emails when replying

How to check: Check that the ‘return email’ is actually correct, especially applies to new contacts or free web mail addresses. Once ‘reply to’ has been selected, double-check the address shown, also via the hover over check.

Warning signs: As above, or if the email contains an image with an embedded hyperlink to contact via a fake website.

Tactic 3: Scanned attachments may be modified or doctored

How to check: Check the B/L or Payment instruction / confirmation carefully to ensure no signs of amendment to the IBAN number or payee.

Confirm bank details direct with receiving bank, this is not difficult with modern IBAN numbers.

Warning signs: The email contains font type changes, discolouration of paper, spelling and grammatical errors (e.g. UK and US English).

Tactic 4:  Fake company and/or website

How to check: A prominent website link can still be forged or cloned.

Numerous instances show that a fake by using or to view the registrar of a website for extra clues, it may be possible to verify information and contacts.

Warning signs: Seeming very similar to the proper address, but even a single character’s difference means a different website, and can be combined with a mistyped or use of ‘same as last’ within fixture notes.

Company has been set up within a short period, less than six months before the fraud takes place.

If you suspect something is amiss, contact the company directly using other methods than those listed in the email. Even more so if the email conveys a sense of urgency; e.g. asking you to act immediately or you may miss the fixture.

The best way to avoid these situations is awareness and sufficient time to review the information, in the absence of this, consider a simple aide memoire checklist to minimize the risk of missing something out.

  • Confirm where all address commissions and brokerage commissions are destined.
  • Check the registered full style, ideally against the IMO or national Company Register of relevant country.
  • Confirm bank details direct with receiving bank are where you ex pect, this is not difficult with IBAN numbers.
  • References of past deals, and trading names including simple ‘internet search’ on ‘problems, XYZ Company’ and ‘person ABC’.
  • Consider calls to the Baltic Exchange or BIMCO to check their databases may also be prudent.

If you are concerned about your legal exposure, or for non-urgent guidance we suggest that you contact the Raetsmarine Support Desk on, with details of your specific scenario for a more appropriate individual response.

Автор: J. Baker