Industry individuals hit by email fraudsters

Two recent cases of shipping industry individuals losing substantial sums of money to online fraudsters have come to light. In both cases the victims transferred large sums of money to fraudulent accounts, responding to distress email appeals by online impersonators.

The email accounts of genuine companies are often hacked, or very similar-sounding email accounts are created, to mislead colleagues and friends of the hacked party in to believing that the appeal for financial help by the hacked party is sincere and urgent. In recent cases even AI and voice modulation is being used to con innocents into believing that the distress is of a very dire nature, and the emotional call may be responded to by the innocent victims with immediate transfer of funds without waiting to verify the authenticity of the communication.

Periodic warnings do appear of such fraudulent activity, but frequent reminders to take precautions are equally in order.

The fraudulent practice of sending emails or other messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers, with the intent to extract funds, is known as ‘phishing’.

A fraudulent SMS, social media message, voice mail, or other in-app message asks the recipient to update their account details, change their password, or tell them their account has been violated. The message includes a link used to steal the victim’s personal information or install malware on the mobile device.

Once in control of an account, the perpetrators will often proceed to send out appeals for urgent financial help to the contacts of the victim.

How do I report phishing?

Forward phishing emails to reportphishing@apwg.org (an address used by the Anti-Phishing Working Group, which includes ISPs, security vendors, financial institutions, and law enforcement agencies). Let the company or person that was impersonated know about the phishing scheme.

Marex Media

BOX

10 simple tips for identifying and preventing phishing scams

1. Know what a phishing scam looks like
2. Don’t click on that link
3. Get free anti-phishing add-ons
4. Don’t give your information to an unsecured site
5. Rotate passwords regularly
6. Don’t ignore those updates
7. Install firewalls
8. Don’t be tempted by those pop-ups
9. Don’t give out important information unless you must
10. Have a Data Security Platform to spot signs of an attack