- HOME
- News & Report
- 2019-11-25
Dear Customers,
Thank you for using our services.
A cyber incident that hijacks a company email account has occurred.
This time, it was not a vessel mail but a land company account.
A result of the company's e-mail address and password is leaked, false ordering mail
(vessel equipment, etc.) were sent by company accounts.
The mail receiver (probably non-existent. Also a part of the criminal
group, which pretend a bona fide third party) starts to arrange after
receiving ordering email, but the person who received this
contact (the person who hijacked the email) If you are surprised and
deny the order, you will be billed as "We have already started
arrangements and we want to pay a cancellation fee."
The sent ordering email is actually sent from an official business email
account, and it will be recorded both in the person's sent folder
and in the CC.
It is considered to be a crime committed to weakness that is not
a spoofed email.
In order to cope with this, the following procedure is important.
(1) First, check whether the account hijacked is true. Account access
history is recorded in cloud systems such as Office365 and Gmail. If an
unrecognized access is found, there is a possibility of hacking your
account. Contact your system administrator immediately and take
necessary measures such as changing your password.
(2) Next, it is important that the partner clearly declares that “there
is no fact of ordering” and that do not take any further action. If you
continue to communicate, there is a risk that you will be charged the
quality of paying a cancellation fee.
The company email account used for business has the convenience
of a cloud system that can be accessed from anywhere, but there is
a risk of being hijacked just by stealing the password. It is recommended
to enhance security using technologies such as IP address authentication
or two-step authentication.
In addition, there are cases where user registration on the web site is
used as a route to steal passwords. In order to view a specific site.
You will be asked to register an email address and create a user account.
At this time, the user ID and password are registered.
If you accidentally register the same password, the password might be
going to be leaked.
When registering a site that requires an account, please be careful of the
password you set.
If you have any questions or concerns regarding cyber security, please
feel free to contact us.
with Best Regards.