Hackers are now using email in different and creative ways to steal money from small businesses – Email Piracy – so make sure your Cyber Risk Insurance covers this type of loss. Email Piracy is a new trend and is simpler than bank account takeover (discussed previously here), where a hacker will gain control of a company’s bank account.
How Email Piracy Works: First, hackers gain access to an email account, typically through phishing. Phishing is getting a victim to click on a link or an email attachment in order to install some sort of malware. The malware allows the hacker to steal user credentials, which can then be used to gain control of an email account. After gaining control of an email account, the hackers use a variety of means to dupe the victim into sending money. There is no set pattern to Email Piracy, but there are many variations, as shown in these examples:
Real Estate Broker. A real estate broker sent an email from a personal email account to a client with wire transfer instructions attached. Shortly thereafter, the client received a second email appearing to be from the same email address with different wire transfer instructions including a different bank account. The client wired the money to the account noted on the second email without checking on the change. Luckily, the money was immediately frozen in the account and recovered. The real estate broker incurred investigative and legal fees in resolving this incident.
Lawyer (see here & here). A lawyer was phished using an email that appeared to be from the US Post Office and his user information was stolen. When he went online to his bank account he was redirected to an alternative site. Using the alternative site, the victim’s bank credentials and some convincing phone calls, the hacker convinced the victim to wire $289,000 to a foreign bank account.
Escrow Agent. After a phone conversation, an escrow agent sent password-protected wire transfer instructions via email to another closing agent. The closing agent received the email and then received revised wire transfer instructions in a follow-up email (not password-protected) that appeared to be from the escrow agent. The closing agent wired the closing funds to the account noted in the second email. The funds have been lost, but it appears that insurance will cover the loss.
Cyber Risk Insurance is an essential coverage for businesses of all sizes for protection from both criminal attacks and employee error. Some Cyber Risk Insurance policies provide coverage for Email Piracy – but some do not. Coverages vary widely and can be tailored to cover the cost of breaches, forensics, business interruption, crisis management and PCI assessments. Your agent or broker, working with a Cyber Risk Insurance expert, should be able to assess your exposure to Email Piracy and assist you with the proper coverage.
Tennant Risk Services is a specialty wholesale broker and underwriting manager, and delivers expertise, markets and exemplary services to our retail insurance agent clients in the placement of professional liability insurance (E&O, D&O, EPL, Cyber). We excel at hard-to-place accounts. Review our expectations here.