LMC Insurance & Risk Management

Welcome to the LMC Blog

Business Compromise Scams Continue Climbing

3/10/2021

 
While companies scramble to protect themselves against cyber criminals and malicious attacks on their servers, there is a growing amount of business compromise crime that uses both technology and a human touch to extract funds from businesses.
Businesses have lost millions of dollars to social engineering scams, where attackers impersonate a company president or executive who is authorized to approve wire transfers to trick employees into transferring funds into a fake client or vendor account.

In other social engineering scams, employees may actually get a phone call from the criminal who tells them he is an accountant for a client company or a manager in order to get them to transfer funds or divulge banking information.

According to the FBI's Internet Crime Complaint Center, in 2019 U.S. businesses were hit with an estimated 23,775 business e-mail compromise scams that resulted in aggregate losses of $1.7 billion. Figures for 2020 are not yet available.

Vishing, or voice phishing, attacks have been growing, but the COVID-19 pandemic put them into overdrive. In January 2021 the FBI warned of an increase in vishing attacks targeting employees working remotely during the pandemic, and of the heightened risks companies face when network access and the broadening of online privileges may not be fully monitored.

Remote workers are good targets because they are more isolated and distracted. Also, they do not have onsite support and are often less vigilant about cybersecurity than when they are working in the office.
 
How to train employees
Providing practical employee phishing training is key to keeping your company safe. The following are activities and tips to help you train employees to stay vigilant.

The FBI and CISA advise companies to:
  • Consider instituting a formal process for validating the identity of employees who call each other,
  • Restrict VPN connections to managed devices only (meaning not on employees' personal devices),
  • Restrict VPN access hours, and
  • Employ domain monitoring to track the creation of or changes to corporate brand-name domains.
 
Remote workers should be more vigilant in checking internet addresses, more suspicious of unsolicited phone calls and more assertive in verifying the caller's identity with the company.

When training staff, you should:
  • Explain exactly what vishing and phishing are, how they happen, and what risks they pose on a personal and company level.
  • Explain the different methods of phishing attacks, including but not limited to those listed above.
  • Train your workers in identifying signs of phishing attacks, like emails with erroneous spelling and grammar, incorrect email addresses (for example BobS@Startbucks.com), and fraudulent URLs.
  • Train your staff in recognizing phishing links, phishing attachments and spoofed emails. Additionally, your employees should know what steps to take after they identify a threat.
  • Conduct phishing simulation training during which employees are sent fake phishing emails. The results should be shared with them to show them how they fell for the scam and the damage that being duped into clicking on a malicious link can cause.
 
Insurance
As vishing and business email compromise scams increase, more employers are seeking to add coverage in their commercial crime policies. Typically, these policies have been used to cover losses for internal theft, but lately about 50% of claims are for losses related to phishing and vishing scams.

The price of social engineering coverage varies by risk and limit, but it can often be added to a crime policy as a rider.

One thing though: social engineering coverage will often have lower limits than a typical commercial crime policy because of the risk of much larger financial losses than a company could expect from internal theft or white-collar crime perpetrated by an employee.

While every effort has been taken in compiling this information to ensure that its contents are totally accurate, neither the publisher nor the author can accept liability for any inaccuracies or changed circumstances of any information herein or for the consequences of any reliance placed upon it. This publication is distributed on the understanding that the publisher is not engaged in rendering legal, accounting, or other professional advice or services. Readers should always seek professional advice before entering into any commitments.