{"id":12477,"date":"2018-07-31T08:00:00","date_gmt":"2018-07-31T12:00:00","guid":{"rendered":"https:\/\/www.resourcepro.com\/cyber-insurance-wire-transfer-fraud\/"},"modified":"2024-07-15T10:14:40","modified_gmt":"2024-07-15T14:14:40","slug":"cyber-insurance-wire-transfer-fraud","status":"publish","type":"post","link":"https:\/\/www.resourcepro.com\/blog\/cyber-insurance-wire-transfer-fraud\/","title":{"rendered":"WTF is Wire Transfer Fraud?!"},"content":{"rendered":"

\"\"<\/p>\n

Patrick Costello<\/a> <\/em>is a Principal and co-founder of Evolve<\/a><\/em>, a cyber liability specialist Managing General Agent founded in 2015. The Evolve team works directly with retail insurance brokers and has 20 full-time cyber specialists in six offices across the US.<\/em><\/p>\n

Savage Cybercrime <\/strong><\/h2>\n

It\u2019s fitting that wire transfer fraud can be shortened to WTF. This frustrating and costly scam can cause massive losses at a moment\u2019s notice and applies to any business with a bank account.<\/p>\n

In cyber insurance, we see wire transfer fraud impacting organizations on a daily basis, and it\u2019s one of the most common claims filed. The FBI reports<\/a><\/u> that scammers attempted to steal $5.3 billion using business email schemes from 2013 to 2016, and the number of cases continues to rise each year.<\/p>\n

Here are 5 key points to keep your CEO from saying \u201cWTF?!\u201d<\/strong><\/h2>\n

1.<\/strong> What is Wire Transfer Fraud?<\/strong><\/p>\n

Essentially, it refers to psychological manipulation that results in a wrongful wire transfer to a criminal third party. Insurance policies often use the term \u201csocial engineering.\u201d<\/p>\n

Here\u2019s a classic example: the CEO is on vacation and gets an email from who they assume is the CFO asking for confirmation of a wire transfer. The email appears to be legit, but the CEO doesn\u2019t realize that it is a few letters off from the legitimate email address. You\u2019d be shocked at how sophisticated these attacks are, with email signatures copied word for word and other realistic touches. (Often those details are obtained through phishing scams<\/a><\/u>, which is a whole other bucket of worms). The CEO, in vacation mode, doesn\u2019t pay too much attention and OKs the transfer for a large sum. By the time the fraud is discovered the money is long gone and the CEO faces major scrutiny for their role in the scam.<\/p>\n

While both large multinationals and small companies are victims of wire transfer fraud, often small to medium-sized businesses are specifically targeted. That\u2019s because they typically do not have the protocols, training and procedures in place that will effectively defend against a serious cyber-attack.<\/p>\n

\"\"<\/p>\n

2.<\/strong> What\u2019s at stake?<\/strong><\/p>\n

The immediate aftermath is a loss of funds. We\u2019ve seen it go over a million dollars. Again, every business with a bank account is at risk. Insurance agencies, for example, have massive cyber exposure because they are transferring money regularly and collecting a significant amount of personally identifiable information.<\/p>\n

It’s not just revenue that’s affected by these scams, we\u2019ve also seen folks jeopardize and lose relationships with key vendors. Recently, we worked with a client who found themselves in a situation that involved a criminal who impersonated a title company and tricked a first-time homebuyer into transferring $350,000 into a criminal account. That\u2019s something that didn\u2019t necessarily impact the insured directly as much as it affected the third party\u2026their customer<\/em>.<\/p>\n

3. What should a policy look like?<\/strong><\/p>\n

As the newest form of commercial insurance, cyber insurance isn\u2019t uniformly covered across the industry. Most people don\u2019t know why they need cyber insurance or what a cyber policy entails.<\/p>\n

The majority of markets do not offer this coverage. If they do, many times there will be caveats in the language around dual factor authentication. Did the CEO call the CFO to make sure the transaction was valid? If not, your claim might not be covered by many policies.<\/p>\n

If you do have a cyber policy in place, make sure it\u2019s a quality one that will include social engineering coverage at the highest limit available. Crime policies may include cyber triggers that reference social engineering. You need to see how the policies will react together\u2014which one will be primary, which will be excess. Ideally, you build the highest coverage you can against wire transfer fraud because it\u2019s such a massive exposure and the funds are rarely recovered.<\/p>\n