Phishing
E1. Maritime security, geopolitics and risk
Definition
Cyber social-engineering vector targeting crew and shore staff.
Phishing is a social-engineering attack that uses fraudulent email, messages, or websites to trick recipients into revealing credentials, transferring funds, or installing malware. In shipping it targets crew and shore staff and is the most common entry point for vessel and port cyber incidents, including business email compromise that diverts bunker or freight payments. Because the vector exploits people rather than systems, defenses center on awareness training, email filtering, multi-factor authentication, and reporting procedures, all expected within the safety management system under IMO Resolution MSC.428(98). Targeted variants are covered under spear-phishing.
Source: IMO MSC-FAL.1/Circ.3, 5 July 2017; BIMCO Guidelines on Cyber Security Onboard Ships