Probably the most likely type of attack a shipping operator will experience will be a phishing scam. Usually this will be delivered by email or other form of electronic messaging (think social media or chat forums).

Depending on the attack, it may include a link to a plausible web site, or an attachment.

Phishing varies hugely in the quality of the attack. Doubtless you may have received an email from a bank that you don’t bank with, stating that your account has been hacked and that you need to take action urgently.

Their objective is to convince you to enter your banking credentials. Using these, your bank account may then be compromised.

However, more carefully targeted attacks are being used. The scammer will spend time researching you and your organisation online. This is called ‘open source intelligence gathering’ or ‘OSINT’, using social media and other resources to build a picture of you and the people you work with.

This allows for the hacker to send you seemingly more legitimate phishing scams via email or other contact sources that will give you more of an urge to comply with the hackers request.

Social media will often reveal the organisational structure; who reports to who. Another common trick is to find the social media profile of a CEO, CFO or senior head in finance. The scammer waits until they post that they are going on holiday or boarding a long flight.

At that point, an email arrives in someone’s inbox in the finance team, coming from the CFO or CEO.

It’s usually quite threatening, stating that someone’s job will be on the line unless an urgent payment is made.

Attempts to validate the request fail because the CEO is on a long flight. So, the finance person is intimidated into making the payment.

Only when the CEO lands does the attack become obvious.

There are many different flavours of the same attack, some involving telephone calls to ‘warm up’ the finance person. What’s known as ‘social engineering’ is also employed by some scammers to sweet talk their victims into disclosing useful information.

Naturally, you would expect them to put a little more effort into the scam than this, however the principle is solid.  If you were emailed from the Master using his/her ‘tone’ and signature block asking to send passage details, cargo plan etc….would you?  Remember it won’t always be asking for money.  Information is often worth more.

Pop up Ads when browsing – You might get an advertisement in its own ‘window’. This is a pop-up ad. Mostly they are just to advertise a product but sometimes can be an infectious computer virus.

To help stop the ads from disrupting browsing, try installing an ad-blocker. Also NEVER click on a pop-up ad as the risks of it infecting your system is very high.

Passwords – Sometimes setting an easy to remember password isn’t always the best thing to do. If you see your password the list bellow, I’ts recommend that you change it to a more secure one.

As mentioned earlier, Easy to crack passwords will continue to be a big risk in 2020 and is likely that passwords will be phased out in favour of a number of different multi-factor options. Next year may well be the first year of multi-factor by default,” Digital Shadows, a cyber threat intelligence company said.

“A secure password uses upper and lower case letters, numbers and symbols and is at least 6 characters long” e.g. gW3l!O2

A Computer Infection is a harmful piece of software or script that gets onto your computer system. The next set of slides is a list of different infections you can get nowadays from either surfing the web or downloading the software itself. Think of a Computer infection just like a human getting an infection, you can get some worse than others and they all have different effects.

Unfortunately, also like a biological virus, a computer virus can evolve to counter the drugs it is given.  In the case of a computer virus, the programmer will find a way to bypass the protection ‘drugs’.  Sadly this means the Anti-Virus providers have to constantly update their software.