Cyber-security – malicious spoofing and phishing

The United States Coast Guard (USCG) has released very timely Marine Safety Information Bulletin (MSIB) 19-20 relating to malicious email spoofing incidents. The USCG notes that there are increasingly sophisticated malicious email spoofing techniques being used.

The bulletin is timely because IMCA has recently received a report from one of its members relating to cyber security awareness. In this incident, personnel received messages claiming to be from senior management.  Management will not be asking for action on matters like flight tickets, hotels, urgent payments for contracts, etc. via SMS, social media, or personal email addresses. These requests will always be done via official channels.  

What is phishing?

Most of us will be aware of phishing emails and know what to look out for. There are multiple types of phishing, and it is good to be aware of the main types.  Phishing is someone pretending to be someone they are not, in order to gain access to confidential information.  Phishing can also be done via phone calls, SMS and other online messaging services.

• Suggestions for dealing with potential phishing SMS, phone calls and other messages:
  • Never feel pressured into clicking a link in a message or taking any other action;
  • Take a minute to check if you were expecting this phone call or message;
  • Check for any spelling/grammar errors in the text or unusual senders (e.g. check the country code of the phone number);
  • If in doubt, REPORT messages/phone calls/phishing emails to your company IT department and BLOCK the number.

Members may wish to refer to:

• UK National Cyber Security Centre – Phishing: Spot and report scam emails, texts, websites and calls (advice from other governments is available)
• False or scam emails – warning
• IMCA Cyber Security Update Information note ID: 1579