January 21, 2016 | Industry Insights

Social Engineering Fraud: Avoid Taking the Bait in Phishing and Spoofing Scams


Last September, the Federal Bureau of Investigation (FBI) issued a pair of warnings concerning fraud schemes that involve email, wire transfers, checks, and international businesses. The targets of these schemes are typically firms that work with foreign suppliers and those that perform wire transfer payments, including those in the transportation and global logistics services industry. The warnings stated that since January 2015, the number of victims has nearly tripled in the U.S. and across 79 different countries, an increase of 270%.

These types of cyber attacks referenced by the FBI warnings are called Business Email Compromise (BEC). In a BEC scam, a cyber criminal often impersonates a high-ranking corporate executive and sends a “spoofed” email to a carefully selected target that generally has access and authority to transfer large sums of money on behalf of the company. Unlike traditional phishing schemes, BEC scams are well researched. Successful hackers surf social media sites of the target employee, review corporate web pages for contact information, and read professional writings to gain insight into the corporate culture as well as the individual characteristics of the target employee. The objective is to convince the targeted employee to send money. In fact, there have been more than 8,000 victims and $800 million in losses, according to the FBI. Once the international law enforcement reports are tallied, the losses total more than $1.2 billion.

Just take a look at a recent example involving a transportation intermediary that was spoofed: The company routinely wire transfers funds as part of the course of doing business. The Accounting department received what appeared to be an email from its company’s president requesting that $150,000 be sent to Hong Kong. The request was actually from a spammer/hacker.

Another example involved an employee at a hydraulic component distributor who received an email order from what was believed to be a good customer requesting a product be shipped immediately. The employee noticed that the ship-to address differed from past orders but, in an effort to keep their “good customer” satisfied, processed the order as requested. After the receivable hit the firm’s 45-day mark, the distributor contacted the customer only to learn that they never placed the order, which was valued at $25,000.

While there are no foolproof steps to eliminate the risk of a BEC scam, there are measures your firm can take to lessen your exposures. These include:

  • Reviewing wire transfer protocols.
  • Beefing up spam filters.
  • Learning to read subject/message headers, and trace IP addresses.
  • Never clicking on unfamiliar links or downloading unrecognized attachments.
  • If you manage your own email, auditing your system to see how it responds to SPF and DMARC (Domain-based Message Authentication, Reporting & Conformance) records.
  • If you own your own domain, publishing DMARC records for it.
  • Verifying changes in vendor payment location by adding additional two-factor authentication such as having a secondary sign-off by company personnel.
  • Confirming requests for transfers of funds. When using phone verification as part of the two-factor authentication, use previously known numbers, not the numbers provided in the e-mail request.
  • Knowing the habits of your customers, including the details of, reasons behind, and amount of payments.
  • Scrutinizing all e-mail requests for transfer of funds to determine if the requests are out of the ordinary. If anything looks slightly suspicious, question it.
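As an illustration of the header-reading and SPF/DMARC points in the list above, the following Python sketch reviews a payment-request email the way an accounting or IT reviewer might. It is an added example, not part of the original article; the sample message is constructed, and it assumes the Authentication-Results header was stamped by your own receiving mail gateway.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the article): a spoofed "president" wire request.
SAMPLE = """\
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.com
From: "Pat Lee, President" <pat.lee@example.com>
Reply-To: pat.lee@example-corp.net
Subject: Urgent wire transfer

Please wire $150,000 today.
"""

def domain(addr):
    """Return the lower-cased domain of an address header value ('' if absent)."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts recorded by the receiving server."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def review(raw):
    """Return reasons to confirm the request through a previously known channel."""
    msg = message_from_string(raw)
    findings = []
    verdicts = auth_results(msg)
    for method in ("spf", "dkim", "dmarc"):
        result = verdicts.get(method, "missing")
        if result != "pass":
            findings.append(f"{method}={result}")
    # A reply address on another domain diverts the conversation away from
    # the real executive even when the visible From line looks right.
    from_dom, reply_dom = domain(msg["From"]), domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(
            f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

An empty result only means these header checks raised nothing; a message sent from a genuinely compromised mailbox passes all of them, which is why the phone verification step above still applies.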

Specialized Insurance Coverage Available

Roanoke Trade partners with an insurance company that has recently made coverage available for this type of exposure in the form of an endorsement added to a Crime insurance policy. This add-on, the Social Engineering Fraud Endorsement, covers a range of social engineering fraud losses, including:

  • Vendor or supplier impersonation
  • Executive impersonation
  • Client impersonation

There are additional advantages with this coverage, including:

  • Full carve-back to the voluntary parting exclusion.
  • Broad all-risk language wherein loss does not have to occur through use of computer, email or phone.

  • A streamlined supplemental application.
  • No requirement for vendors and suppliers to carry Crime or Fidelity insurance to trigger coverage.

As the Social Engineering Fraud Endorsement is a new offering, limited coverage is available, although higher limits may be considered with additional underwriting. The endorsement is ideal for larger businesses due to its high minimum premium and its underwriting requirements that obligate an insured to maintain or improve anti-fraud firewalls and procedures. Our professionals at Roanoke Trade are available to discuss this coverage with you. Just give us a call at 1-800-ROANOKE (800-762-6653).

 

 

 
