Is cyber insurance right for my business? - Find out more

Case Study March 4, 2019

Cyber claims case study: Poached payment

The cybercrime section in most cyber policies will protect policyholders if they suffer a financial loss themselves.

For example, this could happen if a member of the finance team is tricked into sending a payment to a fraudulent bank account.

But it’s not always the policyholder’s business that suffers a loss in this way, but the policyholder’s customers, in so-called "customer payment fraud" events. 

This cyber claims case study tells the story of how an insurance brokerage was impersonated by a fraudster, who then managed to get one of the brokerage’s customers to send their premium over to a fraudulent account. Although the brokerage itself didn't lose the money, the fact that their breached system led to the customer's loss meant that they were deemed responsible and reimbursed the customer. 

The key takeaway points are: 

  • Cybercriminals are becoming increasingly canny at parting individuals and businesses from their money. In this case, the fraudster managed to successfully impersonate one of the broker’s trusted contacts and lured the broker into volunteering his email login details; set up a forwarding rule to prevent the broker from coming across any email responses from the client relating to the scam; came up with a credible reason as to why the client would need to send over the funds to a different account; and encouraged the client to pay quickly by claiming that the insurer was chasing up the premium.
  • When a business is impersonated by a fraudster who manages to trick a customer into transferring funds to a fraudulent account, many customers will place the blame on the business that was impersonated and seek reimbursement for their loss, especially if it was the business’s systems that were compromised and used to facilitate the fraudulent communications.
  • The importance of having cover for customer payment fraud on cyber policies is becoming increasingly apparent. Many cyber policies with crime sections will only provide cover for losses that directly affect an insured. But in this case, it wasn’t the insured that suffered a direct loss but their customer. However, because the customer blamed the insured for their loss, the insurer were under pressure to reimburse the client. With more and more financial transaction being carried out electronically and with more and more cybercriminals looking to intercept them, the chances of a business’s customers falling for a scam of this nature are only increasing.