ITIC: Email Invoice Scams Cause Big Losses for Shipping Companies

fake invoice

Published Jan 12, 2021 10:09 PM by The Maritime Executive

Cyber-crime connected with fraudulent demands for payment continues to plague the maritime sector, according to the shipping insurer International Transport Intermediaries Club (ITIC). Cases of email-driven scams that result in six-figure losses have been reported previously, and ITIC says that it continues to see serious instances of theft using the same basic techniques.

In a recent case described by ITIC, a ship manager received an email from a shipyard with details of the first payment for some previously-agreed vessel repairs. The ship manager scheduled the payment in the usual manner, but on the day before the funds were to be released, they received another email. This second message claimed that due to some difficulties, the routing details for the first payment had been changed. 

The ship manager soon received an email with a replacement invoice and new routing instructions - on exactly the same template as the original - and made the payment following these new directions. Shortly afterwards, the ship manager received payment confirmation. 
However, this second email was fake, and the difference was not noticed by the ship manager. The fraudster has simply changed part of the email address from “irn” to “im” - a slight difference that went undetected. 

A few days later, the yard sent another invoice, which was intercepted by the fraudsters and replaced with a fake invoice and fake payment details. In total, the ship manager paid $500,000 to the fraudsters - and as the yard had received nothing, it still claimed this amount from the ship manager. 

With the insurer's involvement, the claim was reduced to $360,000 to reflect that the yard was partly at fault for not operating secure internal systems, ITIC said. 

"ITIC reinforces its advice that all companies should be very aware of vendors or partners who change their bank details and should always telephone to confirm. And when doing so, they must use a phone number they trust, and not simply the one stated on the (potentially fraudulent) invoice," the insurer warned. 

The method used in the case appears similar to a scheme detected and publicized by the cybersecurity firm Secureworks in 2018. The gang of hackers in that attack used spearphishing to insert malware on a target company computer, giving the hackers access to inside information that they could use to create fake invoices for payment.