Phishing: The scam that lands in your inbox

Valour Consultancy sees phishing as one of the most prevalent types of attack in the maritime industry.

Attackers impersonate trusted sources via electronic communication to trick users into revealing sensitive information, such as passwords, account credentials, or financial details. In the maritime sector, where digital tools and offshore connectivity are increasingly relied upon, phishing has become a daily threat.

Attackers often target both crew members and management teams, knowing they’re frequently under pressure, short on time, and unable to verify every message carefully.

Why it’s dangerous: 

Phishing emails can appear to come from agents, colleagues, or port authorities. One click on a malicious link or attachment can give an attacker access to the entire system. Targeted forms of phishing, such as spear phishing (directed at specific individuals) and whaling (aimed at executives), are particularly dangerous.

Real life examples:

• A captain receives an email including a PDF for a fake port inspection infected with malware.
• An ETO gets a personalised message from “AVIT support” instructing an urgent software update.
• Yachting management office approves a payment based on a forged email posing as the owner of a vessel

How to protect against it:

• Deploy email filters that scan attachments and links for threats.
• Conduct OmniAccess-led cyber security awareness training, including simulated phishing campaigns.
• Implement two factor authentication (2FA) across all operational and business systems In today’s digital maritime environment, phishing isn’t just an IT issue, it’s a business risk.

The weakest link isn’t the cable, it’s the click.