Many companies across all industries are experiencing numerous social engineering attacks that are creating widespread negative impacts. Social Engineering Fraud occurs when a fraudulent party acts as a legitimate business associate, vendor, client or employee. In the process, this fraudulent party will trick an employee at the targeted organization via email, fax or telephone to transfer money or securities. These types of requests occur daily and thankfully, many are able to spot the erroneous request and ignore it but others do not see the warning signs and transfer money to the wrong person.
A recent article dives into the issues of Social Engineering and how this topic has impacted the legal industry. From a coverage perspective, which policy would cover a fraudulent wire transfer from a law firm? Is it covered under Lawyers Professional Liability, Crime, or even Cyber? Ultimately, the incident could impact any of these policies or all three! It depends on the incident, the specific facts of the wire fraud and many other factors. This is extremely important for organizations to proactively consider these threats so they can appropriately structure their insurance program to ensure that they would be covered if a social engineering/wire fraud incident were to occur.
Whenever an employee needs to conduct a legitimate wire transfer, there are some important points to remember to ensure you are not the victim of a social engineering attack.
- If you receive a request for a change in payment instructions,
- Verify the change with your contact on file for the account.
- Call a valid number that you have on file for the account to verify that the change in instructions is legitimate.(Do not call the phone number given in the change request.)
- If you wire money, confirm the receipt as soon as possible with the intended recipient. If the intended recipient did not receive the money, you will know quickly that there is a problem.
If you determine that you are the victim of Social Engineering Fraud on a wire transfer, notify your bank and the FBI IC3 – Internet Criminal Complaint Center immediately. The FBI IC3 recently reported that they have been successful in recovering funds 75% of the time— as long as they are quickly notified of the incident. If not reported quickly, the money may be lost.
As Social Engineering Fraud continues to develop and increase in frequency and severity, organizations need to understand their potential exposure for this type of loss. Contact an RCM&D advisor to review your current insurance program and help to ensure that you have insurance coverage in place to help respond to this type of loss should your organization become a victim of Social Engineering and Funds Transfer Fraud.