Human hacking: Social engineering attacks finding a place in insurance market

By Chad Hemenway on March 31, 2015

When agents and brokers noticed a trend of losses finding no recourse within traditional insurance, Chubb did some research of the marketplace to see if a solution could be found.

It was learned that social engineering was luring corporations’ employees into transferring money (a lot of money) to criminals, using trickery such as spear-phishing or impersonating vendors, clients or even executives within the company. This is known as a social engineering attack.

This “human hacking” is definitely on the rise, said Chris Arehart, global product manager for crime insurance at Chubb Group. And it is costing companies big money. Early this year money-transfer company Xoom disclosed it was the victim of this type of fraud, resulting in $30.8 million fraudulently transferred to overseas accounts.

It also cost the company’s new CFO his job.

Arehart said one study by Check Point Software Technologies revealed nearly half of all businesses worldwide reported being the victim of at least one social engineering attack in 2001 resulting in losses from $25,000-$100,000.

“When a company realizes the loss, it may seem like crime loss but it isn’t,” Arehart explained. Crime insurance covers losses that result from money taken from a policyholder, not money voluntarily handed over, even if the handover was part of a criminal scheme.

In order to answer the call, Chubb in 2014 introduced a crime insurance endorsement to help protect companies from social engineering fraud losses.

For many “black hats,” it is considered easier to cash in on the trust of others rather than hack into computer systems.

“They hone in on our desire to be helpful or to follow orders,” Arehart said. Chubb tells its policyholders to be as wary of system weakness posed by the human element as much as companies are concerned with defending against computer hackers and other network system threats.

In one scenario an attacker poses as a senior executive and tells the employee to wire money into an account for a ‘super-secret’ deal hinging on the transfer. This is called “fake presidents fraud.”

“Employees act on these instructions because they want to follow orders,” said Arehart. Adding salt to the wound, wire transfers cannot be recalled.

To help companies, Chubb created a Guide to Preventing Social Engineering Fraud, which is available at no charge.

In short, Arehart tells clients three best practices:

  • Reduce reliance on email for financial transactions
  • Verify transfer requests with call-back numbers
  • Prior to a wire transfer, call the recipient at a predetermined number

Chad Hemenway is Managing Editor of Advisen News. He has more than 15 years of journalism experience at a variety of online, daily, and weekly publications. He has covered P&C insurance news since 2007, and he has experience writing about all P&C lines as well as regulation and litigation. Chad won a Jesse H. Neal Award for Best Single Article in 2014 for his coverage of the insurance implications of traumatic brain injuries and Best News Coverage in 2013 for coverage of Superstorm Sandy. Contact Chad at 212.897.4824 or [email protected].