April 27, 2020 by David Gambrill
The business email from your chief financial officer seems innocent enough: “Hey Larry, the client changed their bank account information. Can you send them money to their new bank account number?”
Under ordinary circumstances — that is, before the novel coronavirus pandemic triggered an exodus of Canadian P&C industry workers from out of their offices — you could easily walk down the hallway to the CFO’s office and ask, ‘Hey Samantha, did you just ask me to send a client’s money to a new bank account?’
But now that most of the Canadian P&C industry is working remotely from home, the procedures for checking these things out are maybe not that straightforward. The email seems authentic, but is it?
Canadian Underwriter will be exploring these and other emerging cybersecurity issues in Part Two of its COVID-19 webinar series: Business Continuity in the Digital Age.
A panel of three experts will discuss emerging cyber threats during the COVID-19 pandemic, best practices in cyber protection, and what cybersecurity may look like in a post-pandemic world.
The webinar panellists will include Eduard Goodman, global privacy officer at CyberScout, Tim Zeilman, vice president and global product owner—cyber at HSB, part of Munich Re, and Philomena Comerford, president and CEO of Baird MacGregor Insurance Brokers LP and Hargraft Schofield LP.
Increasingly, the types of business emails illustrated in the above hypothetical example are likely to be a scam.
A recent U.S. study of business executives by Zogby Analytics for HSB, a provider of cyber insurance and services, found more than a third (37%) of organizations polled had received an email from someone pretending to be a senior manager or vendor requesting payments.
Almost half (47%) of the individuals receiving those emails responded by transferring company funds, resulting in losses most often in the $50,000 to $100,000 range (37%) and rarely less than $10,000 (only 11%). The scam is convincing because cyber thieves in many cases gain access to business email accounts and assume the false identities of company managers.
And you can expect these types of cyber threats to escalate during the COVID-19 pandemic, as cybercriminals try to take advantage of Canadians working remotely from home to reduce the spread of the novel coronavirus, warns Zeilman.
“It’s more important than ever to pay attention to safe cybersecurity practices and make sure you verify requests for payments,” he said. “Don’t rely on email alone – call the person and confirm the payment is legitimate before releasing any funds.”