January 21, 2016 | Industry Insights

Social Engineering Fraud: Avoid Taking the Bait in Phishing and Spoofing Scams


Last September, the Federal Bureau of Investigation (FBI) issued a pair of warnings concerning fraud schemes that involve email, wire transfers, checks, and international businesses. The targets of these schemes are typically firms that work with foreign suppliers and those that perform wire transfer payments, including those in the transportation and global logistics services industry. The warnings stated that since January 2015, the number of victims in the U.S. and across 79 different countries has nearly tripled, an increase of 270%.

These types of cyber attacks referenced by the FBI warnings are called Business Email Compromise (BEC). In a BEC scam, a cyber criminal often impersonates a high-ranking corporate executive and sends a “spoofed” email to a carefully selected target that generally has access and authority to transfer large sums of money on behalf of the company. Unlike traditional phishing schemes, BEC scams are well researched. Successful hackers surf social media sites of the target employee, review corporate web pages for contact information, and read professional writings to gain insight into the corporate culture as well as the individual characteristics of the target employee. The objective is to convince the targeted employee to send money. In fact, there have been more than 8,000 victims and $800 million in losses, according to the FBI. Once the international law enforcement reports are tallied, the losses total more than $1.2 billion.

Just take a look at a recent example involving a transportation intermediary that was spoofed: The company routinely wire transfers funds as part of the course of doing business. The Accounting department received what appeared to be an email from its company’s president requesting that $150,000 be sent to Hong Kong. The request was actually from a spammer/hacker.

Another example involved an employee at a hydraulic component distributor who received an email order from what was believed to be a good customer requesting a product be shipped immediately. The employee noticed that the ship-to address differed from past orders but, in an effort to keep their “good customer” satisfied, processed the order as requested. After the receivable hit the firm’s 45-day mark, the distributor contacted the customer only to learn that they never placed the order, which was valued at $25,000.

While there are no foolproof steps to eliminate the risk of a BEC scam, there are measures your firm can take to lessen your exposure. These include:

  • Reviewing wire transfer protocols.
  • Beefing up spam filters.
  • Learning to read subject/message headers, and trace IP addresses.
  • Never clicking on unfamiliar links or downloading unrecognized attachments.
  • If you manage your own email, auditing your system to see how it responds to SPF and DMARC (Domain-based Message Authentication, Reporting & Conformance) records.
  • If you own your own domain, filing DMARC records for it.
  • Verifying changes in vendor payment location by adding additional two-factor authentication such as having a secondary sign-off by company personnel.
  • Confirming requests for transfers of funds. When using phone verification as part of the two-factor authentication, use previously known numbers, not the numbers provided in the e-mail request.
  • Knowing the habits of your customers, including the details of, reasons behind, and amount of payments.
  • Scrutinizing all e-mail requests for transfer of funds to determine if the requests are out of the ordinary. If anything looks slightly suspicious, question it.
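
To make the header-reading and SPF/DMARC items above concrete, here is an added example (not part of the original article) that triages one raw message for the signals an executive-impersonation email usually leaves behind. The sample message, the domains, the `mx.example.com` server name and the flag names are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message): a spoofed request "from the president".
# The second Authentication-Results line is sender-supplied and must not be trusted.
SAMPLE = """\
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example-mail.test; dkim=none; dmarc=fail header.from=example.com
Authentication-Results: relay.example-mail.test; spf=pass; dkim=pass; dmarc=pass
Return-Path: <bounce@example-mail.test>
From: "Pat Doe, President" <pat.doe@example.com>
Reply-To: "Pat Doe" <pat.doe@exampie-corp.test>
To: accounting@example.com
Subject: Urgent wire transfer today

Please wire $150,000 to the account below and confirm by reply.
"""

def domain(header_value):
    """Lower-cased domain of the address in a header value, or '' if none."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def auth_results(msg, trusted_id):
    """spf/dkim/dmarc verdicts, read only from headers stamped by our own mail server."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv_id = value.split(";", 1)[0].strip().split(" ")[0].lower()
        if authserv_id != trusted_id:
            continue  # anyone can insert this header upstream; ignore foreign ones
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def triage(raw, own_domain, trusted_id):
    """Return BEC warning flags for one raw single-part message."""
    msg = message_from_string(raw)
    sender = domain(msg["From"])
    auth = auth_results(msg, trusted_id)
    flags = []
    for header in ("Reply-To", "Return-Path"):
        other = domain(msg[header])
        if other and other != sender:  # exact match; DMARC relaxed mode also accepts subdomains
            flags.append(f"{header.lower()}-differs-from-sender")
    flags += [f"{m}-not-pass" for m in ("spf", "dkim", "dmarc") if auth.get(m) != "pass"]
    if sender == own_domain and auth.get("dmarc") != "pass":
        flags.append("own-domain-spoofed")
    if re.search(r"\b(wire|transfer|payment)\b", f"{msg['Subject']} {msg.get_payload()}", re.I):
        flags.append("payment-request")
    return flags

if __name__ == "__main__":
    for flag in triage(SAMPLE, "example.com", "mx.example.com"):
        print(flag)
```

A message that raises `own-domain-spoofed` together with `payment-request` is the case the list above says to confirm by phone on a previously known number.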

Specialized Insurance Coverage Available

Roanoke Trade partners with an insurance company that has recently made coverage available for this type of exposure in the form of an endorsement added to a Crime insurance policy. This add-on, the Social Engineering Fraud Endorsement, covers a range of social engineering fraud losses, including:

  • Vendor or supplier impersonation
  • Executive impersonation
  • Client impersonation

There are additional advantages with this coverage, including:

  • Full carve-back to the voluntary parting exclusion.
  • Broad all-risk language wherein loss does not have to occur through use of computer, email or phone.

  • A streamlined supplemental application.
  • No requirement for vendors and suppliers to carry Crime or Fidelity insurance to trigger coverage.

As the Social Engineering Fraud Endorsement is a new offering, limited coverage is available, although higher limits may be considered with additional underwriting. The endorsement is ideal for larger businesses due to its high minimum premium and its underwriting requirements that obligate an insured to maintain or improve anti-fraud firewalls and procedures. Our professionals at Roanoke Trade are available to discuss this coverage with you. Just give us a call at 1-800-ROANOKE (800-762-6653).

 

 

 
