Cyber claims case study: Phishing for funds
It wasn't that long ago that it was fairly easy to spot a fraudulent email. You might be asked for your bank details in return for a massive inheritance from a long lost relative or a bogus cash prize giveaway. But these so-called social engineering scams have evolved dramatically and for many businesses, are now virtually impossible to spot. Our latest cyber claims case study explains how a law firm, specialising in property matters, fell victim to this increasingly common type of attack.
Social engineering involves the use of deception to manipulate individuals into carrying out a particular act, such as transferring money, handing over confidential information, or clicking on a malicious link. Not only is it causing serious financial harm to businesses around the world, but it takes many different forms including business e-mail compromise (BEC). For businesses that make frequent transfers of funds electronically, BEC is quickly become a serious risk.
Here are the case study's key takeaways:
- Many businesses don’t think they need to purchase cyber insurance because they have good IT security in place, such as firewalls and anti-virus software. But the fact is that people are often the weakest link in an organization’s IT security chain. With increasingly sophisticated attacks like this on the rise, it makes it very difficult for employees to tell the difference between real and fake emails, making the chances of a successful social engineering attack against a business all the more likely.
- With more and more businesses sending money electronically, the opportunities for cybercriminals to intercept these transfers is increasing exponentially. And almost all businesses are at risk. Funds transfer fraud made up 30% of CFC’s total cyber claims total by number in 2017, and these losses affected businesses from a wide range of trade sectors, all the way from schools and social media companies to hospitals and high street retailers. Any organisation that uses electronics funds in the course of their business activities is vulnerable to these kind of attacks and having a cyber policy with crime coverage in place is therefore essential.