Phishing targeting executives now the number one cause of cyber security insurance claims
According to one leading Cyber Liability Insurer, AIG, business email compromise (BEC), commonly referred to as phishing, has overtaken ransomware as the number one cause of cyber security insurance claims.
Written by Paul Brown on 25th September 2019
The global insurance giant claims that BEC attacks, often targeted at senior executives, have increased from 11 per cent of claims to 23 per cent of claims between 2017 and 2018.
These attacks rely on the recipient engaging with the content of a phishing email, which allows intrusion into the user’s inbox. Typically, the user follows a link to a bogus login screen. As soon as the victim enters their credentials, they are captured by the cyber-criminal, who then has the information needed to log in to the victim’s email account. The perpetrator is then able to send and receive emails from the victim’s email address and access all the information in the victim’s email inbox.
Criminals will often target individuals responsible for sending payments, using spoofed accounts to impersonate a supplier and request money transfers. Other attacks, however, are after any information that can be lifted from the user’s email inbox, for example intellectual property, other trade secrets and anything else that could provide a monetary gain.
In addition, "impersonation fraud", which is also typically via email, now accounts for a further eight per cent of all cyber security insurance claims. In total, attacks initiated by email including BEC, ransomware, phishing and impersonation fraud account for 49 per cent of all cyber insurance claims received by AIG.
The majority of users are now familiar with the concept of phishing emails, but criminals are evolving their scams to catch them unaware. One such recent development turns the impersonated CEO scam upside down and involves an email from an impersonated employee telling their employer that their personal bank details have changed. Most firms will now be checking account changes from suppliers, but their payroll department is less likely to check changes of employee bank accounts.
Phishing awareness campaigns and robust systems are ever more important in the fight against cyber-crime, but firms should understand that most email-based losses rely on a degree of human error, which is difficult to eradicate.
Speak to your usual Franklands contact to see how Cyber Liability Insurance will provide valuable protection for your business.