False or scam emails – warning
- Safety Flash
- Published on 24 February 2016
- Generated on 13 December 2024
- IMCA SF 05/16
IMCA seeks to bring to the attention of members the increased risk to businesses of email fraud. Two events in 2015 serve to highlight this risk. Both of them were attempts to defraud business organisations using email. One of them, sadly, was successful.
Incident 1
Information has been brought to IMCA’s attention regarding a scam or fraud attempt made, whereby an ‘internal’ email was received which purported to be from a Chief Executive. The email appeared to come from the correct and bona fide email address; it was personally addressed to the correct person dealing with such matters, and it contained clear instructions, again ostensibly from the CEO, to pass certain confidential details to certain private email addresses.
It was a fake ‘phishing’ email – an inappropriate attempt, by persons unknown, to extract information. Members should be aware of the risks of email theft and scamming of this sort and should be alert to the possibility that emails that appear to be from legitimate email addresses may prove to be fake.
As with bank phishing scam emails, close attention should be paid to the details of wording, spelling, grammar and context, which often provide clues to the fact that an email is fake. In the above example, the suggested use of private email addresses for professional purposes was the clue to the email being a scam. In this case, the attempt to defraud was not successful.
Members may be aware of recent news items about the ‘CEO scam’, in which ostensibly legitimate instructions, often for transfer of funds, appear to arrive from the CEO of an organisation.
Incident 2
A member has reported an attempt in which a company was defrauded of several hundred thousand dollars through email fraud. The incident occurred when the company was seeking to legitimately purchase reconditioned equipment from a vendor in a different part of the world.
This was a deliberate attempt to defraud lasting several weeks, involving more than one email. By making a subtle and difficult-to-notice change to email addresses, the fraudster was able to persuade employees of the company to transfer funds into a bank account other than that specified by the true vendor of the equipment.
Whilst the incident was reported to the local police, to the banks involved and to Interpol, the international nature of the fraud meant that the funds could not be recovered.
What lessons were learned?
Members should remain vigilant, liaise with their own IT departments and continue to work to ensure the safety and security of their internal and external email communications.
To reiterate, close attention should be paid to the following:
- Changes to bank account numbers, addresses of legal entities or any other significant information.
- Details of wording, spelling, grammar and context – these can often provide clues to the fact that an email is fake.
- The use of private or personal email addresses in the business world. This can sometimes – but not always – be a clue.
- Subtle changes to the email address or to the servers or internet domains from which they are sent.
- Links provided which may inappropriately divert the user to websites other than those intended for business use.
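Two of the checks above (private email addresses and subtle changes to the sending domain) can be partly automated at a mail gateway or by an IT department. The sketch below is an added example, not IMCA's own tooling; the domain lists, the similarity threshold and the sample messages are constructed assumptions, and the Reply-To comparison is an extra check in the same spirit.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed for this example: the organisation's known-good correspondent
# domains and a short list of consumer webmail domains.
KNOWN_DOMAINS = {"example-vendor.com", "example-member.org"}
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com"}
# Character swaps commonly seen in lookalike domains.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "5": "s"})

def skeleton(domain):
    """Collapse visually similar characters so lookalikes compare equal."""
    return domain.lower().translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    """Domain part of an address header, or '' if the header is absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def review(raw_message):
    """Return a list of warnings for one RFC 5322 message."""
    msg = message_from_string(raw_message)
    sender, reply_to = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    warnings = []
    for label, dom in (("From", sender), ("Reply-To", reply_to)):
        if not dom or dom in KNOWN_DOMAINS:
            continue
        if dom in FREEMAIL:
            warnings.append(f"{label}: private webmail domain {dom}")
        for good in KNOWN_DOMAINS:
            # Threshold of 2 edits is an assumption; tune it to your domains.
            if skeleton(dom) == skeleton(good) or edit_distance(dom, good) <= 2:
                warnings.append(f"{label}: {dom} resembles {good}")
    if reply_to and reply_to != sender:
        warnings.append(f"Reply-To domain {reply_to} differs from From domain {sender}")
    return warnings

# Constructed sample messages (not taken from the incidents described).
LOOKALIKE = "From: Accounts <accounts@examp1e-vendor.com>\nSubject: New bank details\n\nPlease update."
CEO_SPOOF = "From: CEO <ceo@example-member.org>\nReply-To: ceo.private@gmail.com\n\nSend the file."
```

A warning from a check like this is a prompt to verify the request through a separate, already-known channel, not proof of fraud; an empty result does not prove the message is genuine.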
It is of particular importance to take care when there is unfamiliarity with terminology or when administration of this sort is being carried out by persons whose first language may not be the same language as that in which the business communication is taking place.
IMCA has a Security Workgroup that is a workgroup of the Safety, Environment & Legislation (SEL) Core Committee. Though initially created to address piracy and the International Ship & Port Facility Security (ISPS) code, part of its work today is to address ‘cyber security’ issues of this sort.
More information on the CEO email scam can be found at bbc.co.uk/news/business-35250678
IMCA Safety Flashes summarise key safety matters and incidents, allowing lessons to be more easily learnt for the benefit of the entire offshore industry.
The effectiveness of the IMCA Safety Flash system depends on the industry sharing information and so avoiding repeat incidents. Incidents are classified according to IOGP's Life Saving Rules.
All information is anonymised or sanitised, as appropriate, and warnings for graphic content included where possible.
IMCA makes every effort to ensure both the accuracy and reliability of the information shared, but is not liable for any guidance and/or recommendation and/or statement herein contained.
The information contained in this document does not fulfil or replace any individual's or Member's legal, regulatory or other duties or obligations in respect of their operations. Individuals and Members remain solely responsible for the safe, lawful and proper conduct of their operations.