Dec 29, 2015

Becoming Cyber-Sophisticated: Spear Phishing Prevention Tips for Your Business

Have you or any of your employees received an email requesting that you transfer funds to a bank or vendor? Did you transfer the funds only to find out later that the email was a fake and now the funds are gone? If so, you, like so many others, were the victim of a Spear-Phishing Attack!

Spear Phishing, also known as Social Engineering Fraud or Fraudulent Impersonation, targets a specific individual via email with the intent of deceiving the individual into transmitting funds, releasing confidential information, etc. In most cases, once the funds have been transmitted, it is extremely difficult to recover them.

So how does this happen? The criminals, who are generally located outside of the United States, target corporate executives and gain access to their emails. They make minor changes to the executive’s email address and then send an email to an employee requesting that funds be wired. This has cost corporations millions of dollars in not only the loss of the funds, but also the investigation and potential litigation costs.
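
The "minor changes to the executive's email address" described above can be screened for before a payment request is acted on. The following Python check is an added example, not part of the original article: it flags a From address that is nearly, but not exactly, one of the organization's known executive addresses. The addresses, the substitution table and the distance threshold are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed sample data (assumption): the organization's real executive addresses.
KNOWN_SENDERS = {"jane.doe@example-corp.com", "cfo@example-corp.com"}

# Character swaps that look alike on screen, folded to one form before comparing.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("i", "l"))


def skeleton(addr):
    """Lower-case the address and fold look-alike characters together."""
    s = addr.lower()
    for seq, repl in CONFUSABLES:
        s = s.replace(seq, repl)
    return s


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header, known=KNOWN_SENDERS, max_distance=2):
    """Return (verdict, matched_address) for a raw From header.

    verdict is 'known' for an exact match, 'lookalike' for a near miss that
    should be held for a call-back to the real sender, otherwise 'unknown'.
    """
    addr = parseaddr(from_header)[1].lower()
    if addr in known:
        return "known", addr
    for real in sorted(known):
        if skeleton(addr) == skeleton(real) or edit_distance(addr, real) <= max_distance:
            return "lookalike", real
    return "unknown", None


if __name__ == "__main__":
    # Constructed From headers, for illustration only.
    for hdr in ("Jane Doe <jane.doe@example-corp.com>",
                "Jane Doe <jane.doe@exarnple-corp.com>",
                "CFO <cfo@example-c0rp.com>"):
        print(hdr, "->", classify_sender(hdr))
```

A 'known' verdict only means the address string matches; it says nothing about whether the executive's real mailbox has been taken over, so the call-back and dual sign-off procedures still apply.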

Insurance coverage is available for this type of fraud. It is generally provided by way of an endorsement to your Crime Insurance policy. While purchasing the insurance is advisable, the best defense to a claim like this is prevention.

Spear Phishing Prevention Tips

So how do you prevent becoming a victim of Fraudulent Impersonation? The following are some suggested practices for mitigating these types of losses.

  • Education and training are the number one avenues to risk mitigation.
  • Develop procedures requiring two or more employees to sign off on any wire transaction.
  • Prior to transmitting funds to a new bank or vendor, a telephone call must be made to the original bank/vendor and specifically to a previously established contact.
  • Provide frequent communication to employees regarding Social Engineering Fraud and what to do if an employee suspects suspicious activity or a potential attack.
  • Conduct third party computer network penetration testing on a regular basis to monitor the effectiveness of the corporation’s controls, training, etc.

It is highly unlikely that Social Engineering Fraud will lessen. In fact, it is projected to increase in both frequency and sophistication. But knowing what it is, how it is perpetrated and how to avoid it will help keep your organization from becoming a victim of it.

Nicholas M. Cushmore, ARM
Vice President
The Graham Building
Philadelphia, PA, 19102
