January 21, 2016 | Industry Insights

Social Engineering Fraud: Avoid Taking the Bait in Phishing and Spoofing Scams

Share This:

The Federal Bureau of Investigation (FBI) last September issued a pair of warnings concerning fraud schemes that involve email, wire transfers, checks, and international businesses. The targets of these schemes are typically firms that work with foreign suppliers and those that perform wire transfer payments, including those in the transportation and global logistics services industry. The warnings stated that since January 2015, the number of victims has nearly tripled in the U.S. and across 79 different countries, at an increase of 270%.

These types of cyber attacks referenced by the FBI warnings are called Business Email Compromise (BEC). In a BEC scam, a cyber criminal often impersonates a high-ranking corporate executive and sends a “spoofed” email to a carefully selected target that generally has access and authority to transfer large sums of money on behalf of the company. Unlike traditional phishing schemes, BEC scams are well researched. Successful hackers surf social media sites of the target employee, review corporate web pages for contact information, and read professional writings to gain insight into the corporate culture as well as the individual characteristics of the target employee. The objective is to convince the targeted employee to send money. In fact, there have been more than 8,000 victims and $800 million in losses, according to the FBI. Once the international law enforcement reports are tallied, the losses total more than $1.2 billion.

Just take a look at a recent example involving a transportation intermediary that was spoofed: The company routinely wire transfers funds as part of the course of doing business. The Accounting department received what appeared to be an email from its company’s president requesting that $150,000 be sent to Hong Kong. The request was actually from a spammer/hacker.

Another example involved an employee at a hydraulic component distributor that received an email order from what was believed to be a good customer requesting a product be shipped immediately. The employee noticed that the ship-to address differed from past orders but in an effort to keep their “good customer” satisfied, processed the order as requested. After the receivable hit the firm’s 45-day mark, the distributor contacted the customer only to learn that they never placed the order, which was valued at $25,000.

While there are no full-proof steps to eliminate the risk of a BEC scam, there are measures your firm can take to lessen your exposures. These include:

  • Reviewing wire transfer protocols.
  • Beefing up spam filters.
  • Learning to read subject/message headers, and trace IP addresses.
  • Never clicking on unfamiliar links or download unrecognized attachments.
  • If you manage your own email, auditing your system to see how it responds to SPF and DMARC (Domain-based Message Authentication, Reporting & Conformance) records.
  • If you own your own domain, filing DMARC records for it.
  • Verifying changes in vendor payment location by adding additional two-factor authentication such as having a secondary sign-off by company personnel.
  • Confirming requests for transfers of funds. When using phone verification as part of the two-factor authentication, use previously known numbers, not the numbers provided in the e-mail request.
  • Knowing the habits of your customers, including the details of, reasons behind, and amount of payments.
  • Scrutinizing all e-mail requests for transfer of funds to determine if the requests are out of the ordinary. If anything looks slightly suspicious, question it.

Specialized Insurance Coverage Available

Roanoke Trade partners with an insurance company that has recently made coverage available for this type of exposure in the form of an endorsement added to a Crime insurance policy. This add-on, the Social Engineering Fraud Endorsement, covers a range of social engineering fraud losses, including:

  • Vendor or supplier impersonation
  • Executive impersonation
  • Client impersonation

There are additional advantages with this coverage, including:

  • Full carve-back to the voluntary parting exclusion.
  • Broad all-risk language wherein loss does not have to occur through use of

computer, email or phone.

  • A streamlined supplemental application.
  • No requirement for vendors and suppliers to carry Crime or Fidelity insurance to trigger coverage.

As the Social Engineering Fraud Endorsement is a new offering, limited coverage is available, although higher limits may be considered with additional underwriting. The endorsement is ideal for larger businesses due to its minimum high premium and its underwriting requirements that obligate an insured to maintain or improve anti-fraud firewalls and procedures. Our professionals at Roanoke Trade are available to discuss this coverage with you. Just give us a call at 1-800-ROANOKE (800-762-6653).

 

 

 

Share This:

Related


2024 NCBFAA Scholarship & Application Announcement

Roanoke Insurance Group is delighted to once again sponsor  a $5,000 scholarship to students intending to join the trade industry. The National Customs Broker and Forwarder Association of America (NCBFAA) offers this $5,000 scholarship award yearly and will be presented to the winner at the NCBFAA annual conference in April 2024. The topic for this […]

Events, Industry Insights

What to Watch: Insurance, Regulatory Changes for Freight Brokers and Forwarders

By Glenn Patton, Managing Director, Roanoke Insurance Group Canada, Inc.   The following are several important issues regarding the insurance industry and regulatory changes that impact freight brokers and forwarders. With so many Canadian freight brokers and forwarders conducting cross-border business, U.S. regulatory changes affect the entire industry. Nuclear verdicts in liability cases in the […]

Industry Insights

We are pleased to announce Karen Rzeszutko has been named President of Roanoke Insurance Group, effective August 1, 2023!

Karen has been a part of Roanoke for nearly 20 years. During this time, she has shown exceptional leadership skills and technical expertise in multiple customer-facing positions, such as Head of Marine & Liability Underwriting and Head of Liability Claims. Her most recent role was SVP, Chief Underwriting Officer, Marine at Munich Re Specialty Group […]

Industry Insights

Roanoke is the leading provider of insurance and surety solutions for transportation and logistics providers. In fact, we are recognized as the most reliable source for U.S. customs bonds.

Contact

If you have any questions or need help, feel free to contact with our team.

800-762-6653

US CORPORATE HEADQUARTERS

1501 E. Woodfield Road

Suite 400W

Schaumburg, IL 60173


CANADA CORPORATE HEADQUARTERS

390 Bay Street

Munich Re Centre, 22nd Floor

Toronto, ON M5H 2Y2

Solutions that Go the Distance.

© 2024 Roanoke Insurance Group Inc. A Munich Re company

Better Business Bureau logoCoverholder at Lloyd's logo