We have had reports of an email scam being circulated amongst owners and charterers and, in particular, being sent to ships. These emails are being sent by scammers posing as law firms in order to distribute malware, including the latest ransomware.

QUOTE

Dear Sir,

We have been appointed to proceed with legal steps in arresting your vessel due to your inability to clear your long overdue payment with our client. Our client claims that several reminder has been sent to you on this subject matter without getting any response from you.

Find attached lawsuit filed by our client including Court and lawyer cost. Kindly review and revert with your comment. Meanwhile, vessel will be arrested by the court till further notice.

Your urgent response will be appreciated.

THKS N B’RGDS

UNQUOTE

It is extremely important that both owners and charterers are made aware of these potentially dangerous emails. Anyone receiving these unsolicited emails should be very careful and, if in doubt as to their authenticity, should send them to their IT support team before opening any attachments or links contained therein.

This follows on from the seminar Reed Smith delivered in Cyprus last month in relation to the increasingly pertinent issue of maritime cybersecurity. Shipowners are becoming increasingly exposed to cyberattacks – often from accidental interference rather than malicious attack.

It is important for owners to discuss with their clubs which of their P&I liabilities will be covered and what their responsibilities are when protecting against any potential future attacks. In general terms, owners are likely to be required by their respective insurers to demonstrate that they are taking reasonable steps to avoid or minimise cyber risks under their insurance, and to avoid or reduce the risk of cargo claims. Owners are strongly encouraged to be proactive in developing effective cyber incident response plans internally.

Risks are of course not limited to cyberattacks via email. Researchers also point to significant holes in the industry’s three key navigation technologies: GPS, marine Automatic Identification System (AIS), and Electronic Chart Display and Information System (ECDIS). Precautions should also be taken in respect of the potential corruption of computers on the bridge, in the engine control room, and in relation to cargo control mechanisms and port systems.

Similarly, charterers must also take steps to ensure the authenticity of any emails received containing invoices or payment demands. Cyber attackers posing as brokers or trusted third parties are also increasingly common and, with significant sums of money being transferred amongst charterers and owners, all industry players are reminded to remain vigilant. For example, when bank account details for payment are changed unexpectedly or an email does not quite look right, often a simple telephone call can help to clarify any uncertainty and can save millions of dollars.

Failure to take reasonable steps to avoid or minimise cyber risks may also expose owners to potentially significant fines and/or enforcement action under applicable data protection laws. Where owners operate within the EU, the potential to incur fines will increase exponentially once the General Data Protection Regulation (GDPR) becomes fully effective on 25 May 2018. Under the GDPR, EU national data protection authorities will have powers to fine organisations the greater of 4% of worldwide annual turnover or €20m for the most serious of data security breaches. Failure to implement appropriate steps to safeguard against malware can qualify as a breach of the minimum security obligations under EU data protection laws.