Email Piracy & Social Engineering Sample Claim: An insured issued a check to a client for approximately $300,000. The insured received email instructions from two separate parties involved in the transaction, advising to stop payment on the check and instead wire the money to a specified bank account. The insured also received the instructions verbally (phone), and verified using a driver’s license number. The insured wired the money as instructed after waiting 24 hours. Four days later the client contacted the insured, confused because the (paper) check had not cleared. As you may have already guessed, the insured wired the money to a criminal’s bank account. The money is gone, and the parties are now heading to litigation.
Prevention: Criminals target vulnerable small to medium sized companies holding large amounts of cash. Email Piracy is growing fast; the FBI estimates that more than 7,000 companies in the US have been victimized.
- Be Suspicious of payment changes and all email addresses.
- Confirm all payment instructions via an outgoing call.
- Insure by purchasing Cyber Risk/Crime insurance. Review the policies; many cyber policies do not cover Email Piracy/Social Engineering, but they can be tailored to provide this coverage. Give us a call at 937.434.9090 and we will be happy to walk you through the options that are available to you.