Cyber criminals are opportunistic, often opting to target businesses based on technology and processes rather than industry. One of the easier methods to monetize cyber crime is funds transfer fraud (FTF), which is often perpetrated through social engineering techniques like phishing or business email compromise. Once criminals have access to your business mailbox, they can manipulate your contacts and modify payment instructions, sometimes without even triggering any security alerts.
Criminals can also send you a change in payment instructions that purports to come from a customer or vendor via a lookalike email domain or by compromising the customer or vendor’s email system. A critical aspect of addressing cyber risks, including the risks associated with email and what to do in an FTF case, is understanding the coverages under your cyber insurance policy.
Coalition’s Most Popular and Comprehensive coverage bundles include several first-party coverages that help remediate a cyber incident. For example, our Funds Transfer Fraud coverage can help replace lost funds, while our Breach Response coverage pays for the costs to respond to a cybersecurity incident, including incident response, customer notification, legal fees, and advice in connection with the incident.
When email compromise leads to thousands of dollars lost
Generally, an FTF event begins with a phishing email or business email compromise (BEC), followed by social engineering. According to our H1 2021 Claims report, in 2020, 41% of BEC attacks evolved into an FTF incident resulting in the direct loss of funds. The losses can be staggering. Attackers identify their victims, steal their credentials, and log in to their accounts, where they employ several different tactics to gain access to funds.
The average amount of funds stolen increased 179% from the first half of 2020 to 2021, from $116,842 to $326,264. – Claims Report
The cost associated with an FTF event is enough to devastate many businesses. Thankfully, Coalition’s policy reimburses insureds for funds transfer losses arising from a failure in security or social engineering. However, that isn’t all our cyber insurance policy offers to remediate this type of attack. After receiving notification that a policyholder has experienced an FTF event, our claims team will work with law enforcement and the appropriate financial institutions to attempt to claw back the funds. Effective recovery efforts are based on several factors, including the location of the receiving bank and the length of time since the transfer. While we cannot guarantee the successful recovery of funds paid to an attacker, we have a record of success on this front. For example, our swift response resulted in recovering all but $500 of the $1.3M paid to an attacker by one Coalition policyholder even though the policy had a limit of $500K for FTF losses.
Cyber crime continues to increase like never before, and while ransomware may be in the limelight, FTF cases are also on the rise. In our H1 2021 Claims Report, Coalition saw a 28% increase in FTF cases. However, we recovered 95% of the lost funds in H1 2021 cases where our claims and incident response teams managed to claw back funds.
Mitigate and react: 48-72 hours to recover from an FTF event
As with most things, Coalition needs your help to solve cyber risk. Policyholders should be vigilant and ask questions before initiating a funds transfer. If you receive new or changed banking information, call the requestor at their last known phone number and never rely on email alone to confirm the validity of any financial transaction. For international transfers, be sure to double-check the validity of all transfer information before sending any payments. Also, we recommend all organizations turn on multi-factor authentication (MFA) for email, as many FTF events start with an attacker accessing your email service. Finally, the moment you notice a wrong payment, reach out to Coalition. Time is of the essence, and we are more likely to recover funds within 48-72 hours of the transfer.
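As an added example (not Coalition's code), the sketch below triages inbound mail for the lookalike-domain and changed-payment-instruction scenario described above. The vendor domain list, keyword pattern, thresholds and function names are assumptions made for illustration.

```python
import re
import unicodedata

# Constructed vendor allow-list; in practice, load it from your vendor master file.
KNOWN_DOMAINS = {"acme-supplies.com", "northwind-logistics.com"}
# Phrases that suggest a payment-instruction change (illustrative, not exhaustive).
PAYMENT_TERMS = re.compile(
    r"\b(bank(ing)? (details|information)|wire|routing number|"
    r"account number|payment instructions)\b", re.I)
# Character swaps commonly used to register visually similar domains.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(domain):
    """Fold a domain to a canonical form so visual twins compare equal."""
    d = unicodedata.normalize("NFKD", domain.lower())
    d = "".join(c for c in d if not unicodedata.combining(c))
    return d.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(sender_domain):
    """Return the known domain that sender_domain imitates, or None."""
    sender_domain = sender_domain.lower().rstrip(".")
    if sender_domain in KNOWN_DOMAINS:
        return None
    for known in sorted(KNOWN_DOMAINS):
        if (skeleton(sender_domain) == skeleton(known)
                or edit_distance(sender_domain, known) <= 2):
            return known
    return None

def triage(sender, body):
    """Classify one message. An exact-match domain is still verified by phone,
    because the vendor's own mailbox may be the compromised one."""
    domain = sender.rsplit("@", 1)[-1]
    imitated = lookalike_of(domain)
    if imitated:
        return f"HOLD: {domain} imitates {imitated}"
    if PAYMENT_TERMS.search(body):
        return "VERIFY: call the requestor at their last known phone number"
    return "OK"
```

An edit-distance threshold of 2 will occasionally match unrelated short domains, so treat a HOLD as a prompt for human review rather than a verdict.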
Incident and breach response
Successfully recovering funds may seem like the end of the incident, but companies must also address the underlying cause of the fraudulent transfer. Email is often the initial point of compromise for FTF attacks, and that can involve attackers lying in wait within company mailboxes, sometimes for months at a time. For example, when a Coalition policyholder in education fell victim to an FTF event, Coalition Incident Response (CIR) discovered 82 malicious logins to the Finance Director’s email account spread across four months. Fortunately, CIR was able to remove the attacker’s access and clean up the infected mailbox.
Tip: All policyholders with an issue, please call 24x7 toll-free at +1 833 866 1337 or email firstname.lastname@example.org as soon as you think your business has been the subject of a cyber attack or incident. The sooner, the better.
Coalition pays for the costs to respond to a breach — including incident response, customer notification, legal fees, and advice in connection with the incident. Coalition is the only cyber insurance provider with a dedicated in-house claims and incident response team. CIR will help remediate the event that allowed the attacker to gain access to your network, conduct forensic analysis, and restore the infected mailboxes.
Protect your business: get insured
Coalition offers comprehensive coverage for the cyber risk exposures facing businesses today. Cyber insurance is a key factor in addressing and mitigating cyber risk. It can help minimize any exposure and impact and quickly facilitate remediation if your business is the target of a cyber incident. If you have questions about our claims process or want to be connected to a broker, feel free to reach out to our team. If you’re a broker interested in offering Coalition cyber insurance to your clients, click here to get appointed.
Additionally, Coalition offers a wealth of resources to help businesses implement good cybersecurity practices. Coalition’s cybersecurity guide outlines the basic tenets of a cybersecurity program — a critical factor in reducing your organization’s cyber risk.