While data breaches and ransomware attacks have continued to be splashed across the news, a quieter, but just as dangerous, form of cyberattack has been business email compromises and social engineering fraud. These cyberattacks can take many forms, all of which ultimately result in money being wired to fraudsters.
In some instances, the fraudster poses as an employee, sending an email that looks like it came from the employee’s account, and duping someone else at the company into wiring money to the fraudster. A variation of that is a fraudster posing as a vendor of the policyholder, telling the policyholder that the vendor has changed bank accounts for payment of invoices, resulting in the policyholder making payment to a fraudster’s account and the actual vendor going unpaid. The latest variation of this type of attack involves hackers who actually gain access to the policyholder’s email accounts, sending emails directly from the policyholder’s account, and directing wires and other payments to be made to fraudsters.