The New Sheriff in Town for Cyber Liability
Just when you thought everything’s covered (no pun intended), there’s another new exposure to watch out for. It’s becoming a major threat to small and large companies alike, especially those in construction and similarly unsuspecting industries. Some call it email compromise, wire transfer email fraud or the man-in-the-email scam. It really doesn’t matter what you call it. What matters is that, as a company executive, you’re aware of the recent trend and are actively trying to minimize the risk of it happening to your organization.
The scam usually goes like this: thieves hack into a company’s email system and pose as the CEO, CFO, President or someone else in a senior executive position. The impostor then emails a lower-level employee, urgently directing that employee to perform an electronic wire transfer of funds to a bogus account that the hacker has previously established. In most cases, the employee is too nervous to question the authority of the “senior level executive” behind the transaction, and the scam is executed.
Three Main Elements
- Thieves or hackers secure an internet domain name very similar to that of the targeted company, supplier or other vendor. If the targeted company is ABC and the internet domain name is www.abc100.com, the thieves will secure www.abc1000.com.
- Thieves will research public information about targeted companies, such as who their senior-level employees are.
- Thieves will call the target company making various inquiries. For example, they might inquire who’s in charge of making wire transfers and ask for that person’s email address.
With very little effort, thieves can easily and successfully obtain a targeted company’s private information. Armed with this information, the hackers can send emails from domain names similar to those of the target company’s regular suppliers or other vendors, requesting wire transfers to accounts that the thieves control.
Six Ways to Minimize Risk
- Develop procedures to confirm that all wire transfer requests within the company have been authorized.
- Double and triple check email addresses looking for slight modifications.
- Establish a multi-person sign-off procedure for transactions over a certain dollar amount.
- Slow down and be alert to possible wire transfer fraud at all times.
- Understand that many companies require purchase orders from the finance department to spend money.
- Be suspicious of any correspondence asking for a wire transfer to be kept secret.
In the News
On January 22, 2015, the Federal Bureau of Investigation issued Public Service Announcement Alert # 1-012215-PSA stating that Business Email Compromise (BEC) is a global scam with victims in every U.S. state and 45 countries. From October 1, 2013 to December 1, 2014 the following statistics were reported:
- Total U.S. victims: 1198
- Total U.S. dollar loss: $179,755,367.08
- Total non-U.S. victims: 928
- Total non-U.S. dollar loss: $35,217,136.22
- Combined victims: 2126
- Combined dollar loss: $214,972,503.30
The FBI strongly believes that the number of victims as well as dollar losses will only continue to rise.
If you have any concerns that your company may be a target of such a crime, and you’re unsure as to whether or not you currently have coverage, contact us. You can also view our Cyber & Privacy Liability webinar series on AU Replay.