Becoming Cyber-Sophisticated: Spear Phishing Prevention Tips for Your Business

December 29, 2015

Have you or any of your employees received an email requesting that you transfer funds to a bank or vendor? Did you transfer the funds to only find out later that the email was a fake and now the funds are gone? If so, you, like so many others, were the victim of a Spear-Phishing Attack!

Spear Phishing, also known as Social Engineering Fraud or Fraudulent Impersonation, targets a specific individual via email with the intent of deceiving the individual into transmitting funds, releasing confidential information, etc. In most cases, once the funds have been transmitted, it is extremely difficult to recover them.

So how does this happen? The criminals, who are generally located outside of the United States, target corporate executives and gain access to their emails. They make minor changes to the executive’s email address and then send an email to an employee requesting that funds be wired. This has cost corporations millions of dollars in not only the loss of the funds, but also the investigation and potential litigation costs.

Insurance coverage is available for this type of fraud. It is generally provided by way of an endorsement to your Crime Insurance policy. While purchasing the insurance is advisable, the best defense to a claim like this is prevention.

Spear Phishing Prevention Tips

So how do you prevent becoming a victim of Fraudulent Impersonation? The following are some suggested practices for mitigating these types of losses.

  • Education and training are the number one avenues to risk mitigation.
  • Develop procedures requiring two or more employees to sign off on any wire transaction.
  • Prior to transmitting funds to a new bank or vendor, a telephone call must be made to the original bank/vendor and specifically to a previously established contact.
  • Provide frequent communication to employees regarding Social Engineering Fraud and what to do if an employee suspects suspicious activity or a potential attack.
  • Conduct third party computer network penetration testing on a regular basis to monitor the effectiveness of the corporation’s controls, training, etc.

It is highly unlikely that Social Engineering Fraud will lessen. In fact, it is projected to increase in both frequency and sophistication. But knowing what it is, how it is perpetrated and how to avoid it will help your organization from becoming a victim to it.

Nicholas M. Cushmore, ARM
Vice President
The Graham Building
Philadelphia, PA, 19102
215-701-5422
SAVE AS PDF >
Nicholas M. Cushmore,

ARM, AINS, Vice President

ncushmore@grahamco.com

215.701.5422
Tags: Property and Casualty Cyber Liability Insurance Cyber Risk Cyber Security Claims Cyber Extortion
RECENT POSTS
Family Planning in the Modern Workplace: How Employers Can Enhance Family Planning Benefits to Boost Employee Well-Being
Family Planning in the Modern Workplace: How Employers Can Enhance Family Planning Benefits to Boost Employee Well-Being

Dec 03, 2024

Stay Cyber Safe: Holiday Shopping Tips for 2024
Stay Cyber Safe: Holiday Shopping Tips for 2024

Nov 05, 2024

Is Your ‘‘Pay-If-Paid’’ Provision Sufficient As A Surety Defense?
Is Your ‘‘Pay-If-Paid’’ Provision Sufficient As A Surety Defense?

Sep 10, 2024

No One Is Immune: The Critical Importance of Cybersecurity and Vendor Management
No One Is Immune: The Critical Importance of Cybersecurity and Vendor Management

Sep 03, 2024

RELATED POSTS
Mastering Wire Transfer Security: Best Practices for Protecting Your Organization
Mastering Wire Transfer Security: Best Practices for Protecting Your Organization

Apr 23, 2024

Hurricane Preparedness is Key to Managing Risk: 2023
Hurricane Preparedness is Key to Managing Risk: 2023

May 30, 2023

2023 Property Insurance Renewal – Brace Yourself
2023 Property Insurance Renewal – Brace Yourself

Feb 21, 2023

2023 Cyber Market Update
2023 Cyber Market Update

Feb 21, 2023

Manage Cookies