« Update: Investment Firms & Cyber Crime | Main | Cyber-Attacks on Healthcare Organizations Increase – Ransomware »

June 01, 2016

Cyber Risk Insurance & Email Piracy (BEC, Social Engineering Fraud)

As we have noted (here & here), Email Piracy, also called Business Email Compromise (BEC) and social engineering fraud, is a significant threat, and only a few Cyber Risk Insurance policies provide adequate protection from this type of attack.  

Whaling is a subset of Email Piracy (see here & here):  a fraudster emails a senior member of the finance team pretending to be the CEO in a bid to trick them into making a large wire transfer out of the company.  Does this really work?  Two examples (see here):

  • In February it was revealed that fraudsters made off with a massive $17m from a single firm after persuading a senior exec at commodities trader Scoular to wire funds to a Chinese bank.
  • And in June, magazine publisher Bonnier Group fell for the same trick, this time transferring out at least $1.5m before the scam was spotted.

A recent international survey (see here) found a significant increase in whaling attacks.  How does this play out?  A Symantec post (see here) provides a road map.  As noted in our Tips for Preventing Email Piracy (updated here), these scams appear to come from senior managers, typically the CEO, and ask for a quick response and secrecy. 

Small businesses are targets of all types of Email Piracy:

  • A law firm wired approximately $200,000 to criminals after receiving false wire transfer instructions.
  • A real estate organization delivered a $300,000 check to a client at closing.  Subsequent emails requested the check be stopped and the funds wired to a specified account.  After verifying the “clients” identification on the phone with personal information, the company wired the money.  The company did not realize the fraud until the real client called asking why the funds were not in their account.

Prevention is one important step to reduce this exposure.  The other is Cyber Risk Insurance, an essential coverage for businesses of all sizes for protection from data breaches to Email Piracy including Whaling.  Policy forms vary widely and can be tailored to cover the cost of whaling, email piracy and BEC, along with breaches, forensics, business interruption, credit card assessments and crisis management. 

Tennant Risk Services is a specialty wholesale broker and underwriting manager, and delivers expertise, markets and exemplary services to our retail insurance agent clients in the placement of professional liability insurance (E&O, D&O, EPL, Cyber). 

Posted at 08:00 AM |

Comments

Insurance Agency

Nice post.Thanks for sharing with us.

Posted by: Insurance Agency | July 19, 2016 at 05:24 AM

Verify your Comment

Previewing your Comment

Posted by:  | 

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Comments are moderated, and will not appear until the author has approved them.

Your Information

(Name and email address are required. Email address will not be displayed with the comment.)

About

Subscribe by Email

Recent Posts

Search

Archives

More...

Organizations

Subscribe to this blog's feed

Google Adsense