Cyber-Crime Scams Against Yachts in the Caribbean – CSSN Special Report
During 2015, CSSN received reports of internet scammers who were preying on cruisers by intercepting marina reservations and bookings communications and luring cruisers to the scammer’s email, then asking for money to secure a (nonexistent) reservation via bank (wire) transfer.
Published 7 years ago, updated 4 years ago
It has been reported that several thousand dollars have been lost. A CSSN investigative team has confirmed the scam by engaging directly with the scammers and collecting their email communications and bank information and then passing that information back to the victims so they can engage and inform the proper authorities.
What has happened:
1. The scammers inserted a bogus email address in an online directory listing for marinas. They also directly hacked a marina website that was not properly secured.
2. Originally the scammers were able to hack a marina’s email account and insert their own contact information because the marina’s website was not well secured. Free accounts (Hotmail, Yahoo, Gmail), when used with hackable passwords, are easy to infiltrate and impersonate.
3. Anyone who contacted the marina using the directory service listed email link or the hacked website and Hotmail account were actually communicating with the scammers, who then began emailing with the potential client.
4. The scammers were convincing. To build credibility and gain trust they appeared to have first-hand knowledge of the marina, its published rates, the marina layout, how marinas operate in general and specifically how the target marina operates. They also provided local/regional knowledge and offered other additional services for a fee. In some cases, the scammers also “appropriated” the names of the marina owners or others, and at other times they used invented names.
5. When the target asked for rates and availability of a slip, the information was provided in a credible way, and then a deposit or total prepaid amount was requested.
6. The target was only given one option to pay, which was by direct bank (wire) transfer. The scammers supplied a routing number, account number and account name. At different times the scammers provided details for three different bank accounts in the USA, UK, and Europe.
7. The target then paid by wire transfer, received confirmation from their bank, and was provided assurances via email (from the scammer) that all was paid and awaiting their arrival.
8. The target arrived to find there was no slip available, no reservation and no knowledge of their arrival and intended stay. Relations between the target and the marina became strained, yet both were victims of the same scam.
9. The target contacts the bogus email address (again) and asked for a refund.
10. The target was then asked to send additional money to cover the refund process and other expenses and promised that when the money was received that they would receive a complete refund. A bank routing number and account number were provided for the second bank wire transfer payment.
11. If the target has by now not realized they have been scammed, they send more money and receive no refund.
How we caught them:
12. CSSN was aware of three victims. The victim that provided first-hand information arrived at the marina to find that no reservation(s) had been made and no payment received. They were out a whole season’s slip fees as well as the shock and inconvenience of no place to land. (there were at least two other similar victims reported by credible sources – a total loss about 3,0000 USD and counting)
13. The victims informed credible cruiser associations and trusted individuals of the problems.
14. An investigation by cruiser professionals who were knowledgeable about how to investigate and report cybercrime against yachts and CSSN was launched.
15. CSSN’s webmaster partnered with these technically competent and hacker savvy cruisers to reconstruct the cybercrime events and make this report.
What has changed since the investigations began:
16. The email address for one of the marinas (s) and their website is now more secure. Free email accounts are no longer used. Emails now use their registered domain name – like [email protected]
17. However, reservations are still taken by email – but it is an email attached to their website domain name which is less vulnerable to hacker attacks.
18. The marina’s website now clearly accepts credit cards and does not offer the bank (wire) transfer option
What is still a threat to cruisers and marinas:
19. These particular scammers are still active. The original local “directory listing” for the marina still shows the scammers’ email address. Also, some crowd-sourced cruiser information sites still list an insecure email address. So beware of links contained on internet “directories”, locate the correct and authentic site using other means (GOOGLE), or trusted listings for marinas and other services.
20. Many businesses that serve cruisers still use free email services and use free website providers for their websites. This is not recommended for sites that collect money or engage in any e-commerce activity, because of the ease with which these unpaid services can be compromised and scammed.
21. The crimes were reported to cybercrime agencies, but they have not taken any action.
Precautions you can take:
22. Use only reputable online directories from sources such as Noonsite, SSCA, and Cruiser Guide books to locate marinas and other services.
23. Recognize that businesses that use free email accounts as opposed to paid email services or email connected to a website domain or an email contact form are more vulnerable to having their emails diverted by scammers.
24. If you feel you have been scammed, report to the appropriate authorities listed below. (CSSN can not make reports on your behalf, only victims can make reports)
25. Report the suspected crime to CSSN using our convenient online report form. https://www.safetyandsecuritynet.com/?p=665
26. Read the resources for individual cruisers below and take precautions that make sense to you to hopefully prevent becoming the victim of a scam.
Continue reading this report at https://www.safetyandsecuritynet.com/3507-2/ [Broken Link]
Related to following destinations: Antigua & Barbuda, Aruba, Bahamas, Barbados, Dominica, Dominican Republic, Grenada, Jamaica, Martinique, Montserrat, Puerto Rico, Sint Maarten, St. Barts, St. Kitts & Nevis, St. Lucia, St. Martin, St. Vincent & the Grenadines, Statia, Turks & Caicos
Related to the following Cruising Resources: Caribbean, Cruising Information, Liveaboard Tips, Piracy & Security