Steamship Mutual has informed its members that it had recently become aware of a cyber security incident involving a broker’s systems that resulted in an attempt to induce a Steamship Mutual member to transfer funds to a bank account established for fraudulent purposes.
The attempt was supported by forged documentation using Steamship’s letterhead and an official signature purporting to authorise a third-party factor to receive funds on Steamship’s behalf.
Steamship assured members that the club’s and managers’ own IT systems were not compromised at any time. The fraud was attempted using only the broker’s systems, and used documentation obtained via that source.
Steamship said that it had “extremely robust” cyber-security arrangements in place. However, notwithstanding this, a similar attack against another broker, targeting funds payable to the Club, could not be ruled out. Precautions were therefore necessary. Steamship strongly recommend that, should a member ever receive a request to transfer funds to a different bank account from that customarily used for Club transactions, the member should always telephone the usual Steamship contact at a known landline or mobile number – never using any number provided on the correspondence without checking its validity against an already known number.
The member can then determine whether the request is authentic.
Steamship emphasized that it would never ask a member to remit funds into an account other than in its own name and would never employ the services of a factoring company.
https://www.steamshipmutual.com/Downloads/Circulars-London/L.373.pdf