As we have noted (here & here), Email Piracy, also called Business Email Compromise (BEC) and social engineering fraud, is a significant threat, and only a few Cyber Risk Insurance policies provide adequate protection from this type of attack.
Whaling is a subset of Email Piracy (see here & here): a fraudster emails a senior member of the finance team pretending to be the CEO in a bid to trick them into making a large wire transfer out of the company. Does this really work? Two examples (see here):
- In February it was revealed that fraudsters made off with a massive $17m from a single firm after persuading a senior exec at commodities trader Scoular to wire funds to a Chinese bank.
- And in June, magazine publisher Bonnier Group fell for the same trick, this time transferring out at least $1.5m before the scam was spotted.
A recent international survey (see here) found a significant increase in whaling attacks. How does this play out? A Symantec post (see here) provides a road map. As noted in our Tips for Preventing Email Piracy (updated here), these scams appear to come from senior managers, typically the CEO, and ask for a quick response and secrecy.
Small businesses are targets of all types of Email Piracy:
- A law firm wired approximately $200,000 to criminals after receiving false wire transfer instructions.
- A real estate organization delivered a $300,000 check to a client at closing. Subsequent emails requested the check be stopped and the funds wired to a specified account. After verifying the “clients” identification on the phone with personal information, the company wired the money. The company did not realize the fraud until the real client called asking why the funds were not in their account.
Prevention is one important step to reduce this exposure. The other is Cyber Risk Insurance, an essential coverage for businesses of all sizes for protection from data breaches to Email Piracy including Whaling. Policy forms vary widely and can be tailored to cover the cost of whaling, email piracy and BEC, along with breaches, forensics, business interruption, credit card assessments and crisis management.
Tennant Risk Services is a specialty wholesale broker and underwriting manager, and delivers expertise, markets and exemplary services to our retail insurance agent clients in the placement of professional liability insurance (E&O, D&O, EPL, Cyber).