In the first quarter of 2018, financial institutions experienced an increase in social engineering attempts. These schemes rely upon an internal process that either isn’t fully followed or isn’t fully developed, which gives thieves an opportunity (and also shows where controls can be improved). In short, the fraud relies upon a spoofed email, sent to an individual within an organization, that purports to be from the CEO or CFO. The goal is to cause an employee to process a payment to a fake vendor, leaving the fraudsters with a windfall of ill-gotten gains.
The first and most important step in identifying the fraud is awareness. These losses do happen; the schemes are targeted, and they are successful. Internal policies can help support awareness, and training within the organization is important, especially within accounts payable departments. These policies should be robust and should address processes for vendor verification and payment confirmations.
Controls around vendors should include policies requiring confirmation of any request to change account information, mailing address or email address. Internally, dual confirmation should be secured for the establishment of a new vendor, for authentication of payments, and for confirmation of completion of services or product delivery. Relying exclusively on an email from one individual, regardless of position, without a process of verification should be specifically prohibited.
These losses can be sizeable and happen to organizations of all sizes. While larger organizations may be an attractive target, small and mid-size organizations may offer less sophistication in the accounts payable process and be a better target for fraud. External phishing attempts should be monitored, and information should never be shared with an outside caller asking questions. The process established by an organization should be protected, and training in combating phishing and spoofs should be conducted annually to educate employees and heighten awareness.
When a loss happens, having the right insurance can help. Berkley FinSecure offers coverage to address this exposure, along with a suite of products designed to protect financial institutions, backed by the financial strength and expertise to support them.
Make Sure Your Financial Institution Clients Have the Right Coverage for Social Engineering
Contact any one of the FI insurance experts below for help in making sure your FI customers have the right coverage from a strong, stable company!