While many business owners feel confident they have these threats quarantined with virus protection or other tactics, social engineering hacks bypass standard protection and other systems by communicating directly with unsuspecting employees. (Photo: Worldwide Facilities)

The 2018 Internet Crime Report from the Federal Bureau of Investigation's (FBI's) Internet Crime Complaint Center (IC3) shows wire transfer fraud is currently a major threat to businesses.

According to the report, business email compromise (BEC) is one of the leading risks, with manufacturing and construction being the most targeted industries in 2017 and 2018. BEC usually involves a social engineering tactic that occurs after a hacker compromises a business's email and attempts to forge wire transfers to anonymous accounts (often offshore), which makes tracing them more difficult. The manufacturing and construction industries have been generally slow to secure cyber policies to protect from this threat, making them a prime target for hacking.

According to the U.S. Treasury, attackers tend to shift their strategies over time to make it more difficult to anticipate a hack. Fraud often occurs when an employee unwittingly discloses passwords to a hacker. Hackers may lurk for some time, reviewing outgoing wire transfer requests to test the amounts and even learn the tone of email exchanges relating to wire transfers. Hackers then target vendors of that business—or the business itself—to request or initiate fraudulent wire transfers.

In 2018, IC3 reported 20,373 BEC compromises with losses totaling over $1.2 billion. Compare this number with the 2017 IC3 report, in which BEC reports totaled 15,690 and adjusted losses totaled only $676 million. According to ZDNet, BEC losses doubled in 2018 compared with 2017. While hackers undoubtedly targeted millions of businesses, it takes only one hack to walk away with millions of dollars in plunder.

The staggering increase in frequency and losses highlights the importance of social engineering training for companies and their employees. In addition, the proper endorsements on cyber insurance policies can mean the difference between coverage and no coverage.

While many risk managers feel confident they have these threats quarantined with virus protection or other tactics, social engineering hacks can bypass standard protection and other systems by communicating directly with unsuspecting employees. A skilled social engineering hacker can fool even the most sophisticated employee. It is important for corporate risk managers to understand the breadth and depth of these escalating threats.

Payroll fraud transfers are another type of BEC scam. Hackers seek logins for payroll processing systems and divert money to other accounts. The most affected sectors have been education, healthcare, and commercial air transportation—but, as CNBC recently reported, all types of businesses are potential targets for payroll fraud.

Adding social engineering and invoice manipulation fraud coverage to cyber policies can help provide coverage when a threat strikes. Social engineering coverage can apply when a misled employee initiates a transfer based on written or verbal communications received from a bad actor posing as a customer or a vendor.

Invoice manipulation fraud coverage can cover losses experienced by the company's clients or vendors if its employees initiate a transfer of funds to a hacker based on fraudulent instructions received following a compromise of the company's email system. The instructions look legitimate because the company's actual email system sends the instructions. The receiver, not realizing the account has been compromised, is an easy target because they are expecting the invoice.

These social engineering risks are on the rise across the globe. An experienced wholesaler who understands the exposures and coverage limitations can help you recommend the appropriate coverages to your insured.

Matt Donovan ([email protected]) is an assistant vice president and professional lines broker with Worldwide Facilities, a national wholesale insurance broker, managing general agent and program underwriter.

This article first appeared on Worldwide Facilities' website and is republished here with the author's consent.
