Dear friends and associates,

We were informed about some email fraud attempts targeting specifically shipping companies and we would like to offer some practical advice below on how to avoid email fraud and phishing.

The specific frauds attempts originated from a look alike email address of a shipping agent, informing that money transfers should be made to a different bank account. Such frauds failed when recipients paid attention to the originating email address which was not correct but "look alike", and initiated a phone verification with the counter parties of the bank account change. Please always keep in mind that email communication is between at least two parties and even though you probably have made every effort to keep your messages confidential, the same cannot be said with certainty for the other parties involved in the communication loop.

What we suggest:

  • Avoid communicating sensitive information like passwords and credit card details via email.
  • Do not accept updates about crucial information like change of contact or bank details of your vendors/customers via email. Use direct methods (i.e. phone) to verify such changes, even when you have been doing business with them for a long time.
  • Be aware about who has access to your incoming emails (i.e. more than one employees for shared email accounts). In case you auto-forward your incoming messages to 3rd party emails (i.e. gmail, yahoo etc) keep in mind that you are not in control about who really has access to your incoming messages. You may upgrade your security by stop forwarding emails and use iTELiX for messages on the go.
  • Change your email passwords frequently and force a change of passwords whenever an employee leaves your company.
  • With outgoing emails you can always be sure that these will reach their destination. Keep in mind though, that since there is always another party involved (i.e. the recipient) it is not in your control who will read your message. Recipients frequently share emails to more than one persons and/or autoforward to 3rd party emails (i.e. gmail, yahoo etc).
  • With incoming emails it is quite easy for a fraud to "impersonate" the legitimate sender email address with a look alike i.e. instead of the legitimate This email address is being protected from spambots. You need JavaScript enabled to view it. This email address is being protected from spambots. You need JavaScript enabled to view it. and instead of This email address is being protected from spambots. You need JavaScript enabled to view it. This email address is being protected from spambots. You need JavaScript enabled to view it. . Keep in mind that it is also possible to impersonate the exact sender email address.
  • Maintain an address book with the legitimate email addresses of your counter parties. TELiX will protect you from "look alike originator" by marking such as “Unknown”. If in doubt about the origins of an email message contact your email support to verify the trace of an email.
  • Make your incoming traffic more secure by using a shipping/maritime antispam service to inspect your incoming emails. Ask your outgoing email/domain provider how to make your outgoing email more secure for your recipients by publishing a Sender Policy (SPF) records to authorize legitimate senders for your email domain.

http://en.wikipedia.org/wiki/Phishing "Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication."