Some practical advice about email fraud and phishing targeting shipping companies

We were informed about some email fraud attempts specifically targeting shipping companies, and we would like to offer some practical advice below on how to avoid email fraud and phishing.
The specific fraud attempts originated from a look-alike email address of a shipping agent, informing recipients that money transfers should be made to a different bank account. These frauds failed when recipients noticed that the originator's email address was not correct but a "look-alike" and initiated a phone verification of the bank account change with the counterparties.

We suggest:

  • Avoid communicating sensitive information like passwords and credit card details via email.
  • Do not accept updates about crucial information, like a change of contact or bank details of your vendors, via email. Use direct methods (e.g. phone) to verify such changes.
  • Be aware of who has access to your incoming emails (e.g. more than one employee for shared emails). If you autoforward your incoming messages to a 3rd party freemail service, keep in mind that you are not in control of who really has access to your incoming messages.
  • Change your email passwords frequently and force a change of passwords whenever an employee leaves your company.
  • With outgoing emails you can always be sure that these will reach their intended destination. Keep in mind that since there is always another party involved (i.e. the recipient), it is not in your control who will read your message. Recipients frequently share emails with more than one person and/or autoforward them to 3rd party email services (e.g. gmail, yahoo etc).
  • Customers of the akereon outgoing email service for shipping may use the mail panel to find out exact information about deliveries of outgoing messages.
  • With incoming emails it is quite easy for a fraudster to "impersonate" the legitimate sender email address with a look-alike. Keep in mind that it is also possible to impersonate the exact sender email address.
  • Maintain an address book with the legitimate email addresses of your counterparties. If in doubt about the origins of an email message, contact your IT support or email provider (e.g. akereon) to verify the trace of an email.
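
One way to check incoming senders against such an address book and flag look-alikes, as an added example that is not part of the original advisory or of akereon's own tooling. The addresses, the character swaps and the 0.9 similarity threshold are constructed assumptions to be tuned for real mail.

```python
import difflib
from email.utils import parseaddr

# Constructed address book of verified counterparty addresses (placeholders).
ADDRESS_BOOK = ("accounts@agent-example.com", "ops@shipbroker-example.com")

# Digit-for-letter swaps seen in look-alike addresses (illustrative, not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "5": "s"})


def skeleton(addr):
    """Fold common visual substitutions so look-alikes collapse to one form."""
    return addr.lower().translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def classify_sender(from_header, address_book=ADDRESS_BOOK, threshold=0.9):
    """Return (verdict, matched_known_address) for a From: header value."""
    display, addr = parseaddr(from_header)
    display, addr = display.lower(), addr.lower()
    if addr in address_book:
        # An exact match is not proof: the exact address can be impersonated too,
        # so a bank detail change still needs verification by phone.
        return ("known", addr)
    for known in address_book:
        if known in display:
            # A trusted address shown as the display name of a different sender.
            return ("lookalike", known)
        if skeleton(addr) == skeleton(known):
            return ("lookalike", known)
        # Catches dropped, doubled or transposed letters and near-identical domains.
        if difflib.SequenceMatcher(None, addr, known).ratio() >= threshold:
            return ("lookalike", known)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample From: headers.
    samples = [
        "Agent Accounts <accounts@agent-example.com>",
        "Agent Accounts <accounts@agent-examp1e.com>",
        "Agent Accounts <acounts@agent-example.com>",
        '"accounts@agent-example.com" <billing@freemail-example.net>',
        "Port News <newsletter@port-authority-example.org>",
    ]
    for sample in samples:
        print(classify_sender(sample), sample)
```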

http://en.wikipedia.org/wiki/Phishing
"Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication."