With reported losses ranging from thousands of dollars to well over $1 million, funds transfer fraud represents 27% of cyber insurance claims in 2020.
The bad guys are in search of one thing and one thing only – figuring out a way to make money. Some go the ransomware route and others steal data and sell it on the dark web. But, according to cyber insurer Coalition’s H1 2020 Cyber Insurance Claims Report, the interest in funds transfer fraud has not only grown since COVID started, but has also increased 35% this year over 2019.
Nearly a third of the funds transfer fraud-related cyber insurance claims (29%) came from the Consumer Discretionary sector (which includes automotive, household durable goods, textiles & apparel and leisure equipment - among others), with Financial Services in second place.
According to the report, in 45% of cases the transferred funds could not be recovered, demonstrating the importance of catching the fraudulent activity early on. In cases where the fraud is detected quickly, 84% of funds were able to be recovered.
Coalition points out that most funds transfer fraud claims involve the following social engineering techniques:
- Invoice Manipulation – This usually involves either using a compromised third-party email account or having enough specific details of a pending transaction to fool the victim.
- Look-alike Domains – The cybercriminal impersonates a legitimate sender by using a domain with an added/subtracted/swapped character in the name to trick the victim into believing the email requesting funds is legitimate.
- Email Spoofing – This is the simplest form, as in the CEO credit card scam (where the email purports to be from the CEO’s personal email address). Sometimes just looking like it *could* be from someone legitimate is enough to fool the victim.
Users who are involved in any way with your organization’s finances should undergo new school Security Awareness Training to educate themselves on how the bad guys attempt to fool them, what real-world scams look like, and steps they can take to keep from being the next victim.