Error Omissions
Error Omissions
Submit your information below so we can contact you with a FREE quote
[All fields are required.]
Actual Annual Revenue:
Verify:
=
I have read and agreed to theTerms & Conditions
Error Omissions
Error Omissions

The Risk of On-Line Cyber Crime, Fraud on the Rise


The Risk of On-Line Cyber Crime, Fraud on the RiseIn our recent article, “Potential E&O Exposures for Real Estate Professionals,” we discussed the exposures related to the use of wire transfers and the Automated Clearing House (ACH) in transactions for real estate agents and brokers, property managers, title agents and escrow agents, mortgage brokers and bankers. These risks involved were also recently underscored in an article in the Wall Street Journal on July 29th that is worthy of revisiting the issue again.

According to the WSJ article, the FBI estimates that companies across the globe lost more than $1 billion from October 2013 through June 2015 as a result of schemes known as “corporate account takeover” or “business email fraud.” The estimates include complaints from businesses in 64 countries, though most come from U.S. firms.

The example of the fraud cited in the WSJ article involved scrap processor in the business for 30 years. In April, the company wired $100,000 to a German vendor to pay for a 40,000-pound container load of titanium shavings. The vendor, however, never received payment. A cyber security firm looking into the matter later discovered that a third party had infected an email account used by one of the scrap processor’s brokers. Malicious software was implanted on the broker’s computer allowing the crooks to collect passwords that provided access to the broker’s email system. The criminals were then able to falsify wire-transfer instructions for a legitimate purchase.

This type of fraud is not uncommon. In fact, in a recent advisory, the FBI said its Dallas office had identified six Nigerians, possibly working as a group, who had targeted roughly 25 Dallas companies, “with an attempted loss of over $100 million.” The emails appeared to be from high-level executives in the company being targeted, the FBI said in the advisory. But in reality the emails were sent from a domain that was similar, not identical, to the target’s actual domain name.

Cyber crooks have also used malware to directly insert themselves into a company’s email system, as we discussed in our previous article. After monitoring email traffic, these crooks mess with a legitimate message, altering wire transfer or Automated Clearing House orders so that the payment is diverted to a bank account they control. The industry-run group overseeing ACH transactions, NACHA, says it “strongly advocates” businesses “work together with their financial institutions to understand and use sound business practices to prevent and mitigate the risk of corporate account takeover.”

Moreover, companies of all sizes have lost money as a result of such schemes, with small businesses likely one of the biggest targets as they simply don’t have the budgets for security and investigations that larger corporations do. For instance, in February, the WSJ cited a case where the CFO of a consulting firm based in Toronto and Las Vegas received an email that appeared to come from the company’s chief executive, instructing her to “Process a payment of $169,705.00 USD” via a bank to a firm in Florida. The scheme, unraveled, however, when the CEO happen to call the CFO as she was reviewing the request. When she asked what the money was for, the CEO said he knew nothing about it. Upon further scrutiny, it was revealed that the email was sent from an address similar to the company’s, but it lacked the letter “I” in “consulting.”

Fraudulent transfer schemes are proliferating because “everything is online these days,” said Steven Bullitt, an assistant special agent in charge of the Secret Service’s Dallas Field Office, to the WSJ. By monitoring social media, a company’s website and other sources, crooks can gather intelligence needed to create a legitimate-seeming request, security experts say.

The key as we iterated before is to verify emailed wire-transfer instructions with a phone call to the company receiving the payment.

Addressing these type of risks is complex and requires not only robust best practices but also a careful review of a company’s insurance policies to see what coverage would respond in the event of a loss. Axis Insurance Services specializes in Professional Liability, Crime, Cyber Liability and other critical insurance products for several key industry sectors. Give us a call at (877) 787-5258 to find out how we can help you.

 

 

Comments

comments

Blogged on: August 10, 2015 by Mike Smith
Error Omissions
Error Omissions
Submit your information below so we can contact you with a FREE quote
[All fields are required.]
Actual Annual Revenue:
Verify:
=
I have read and agreed to theTerms & Conditions
Error Omissions
Error Omissions