Protect Your Business: Lessons from a Recent Whale Phishing Incident

Summary 

Recently, a prominent realty firm in Pune fell victim to a sophisticated whale phishing attack, losing Rs. 49 lakh. Fraudsters, posing as the company’s CEO, used fake caller IDs and deceptive messages to manipulate the firm’s CFO into transferring funds to fraudulent accounts. This incident highlights the growing threat of whale phishing, a targeted form of cyber attack focusing on high-profile individuals within organizations.

Key Details of the Incident 

• The CFO received a missed call from an unknown number, followed by a message with instructions to transfer Rs. 49.6 lakh.
• The caller ID app showed the name of the firm’s CEO, lending credibility to the request.
• A follow-up call on the firm’s landline further convinced the CFO that the directive was legitimate.
• The next day, upon verifying with the actual CEO, the CFO realized it was a scam and reported the incident to the cyber police.

Is This Event Covered by Cyber Insurance?

Coverage under Cyber Insurance: – Most comprehensive cyber insurance policies cover incidents of social engineering fraud, including whale phishing attacks conducted through electronic means. However, incidents not conducted through electronic methods, such as phone calls, may not be covered by most cyber insurance policies. It’s essential to review the specific terms of your policy to confirm coverage.

Negligence Considerations: – Additionally, insurance companies may consider negligence on the part of the CFO in the following scenarios: Not having direct contact details of the CEO. Verifying the CEO’s number through an unreliable source like Truecaller. Failing to double-check the details over email, WhatsApp, or other secure communication channels.

Given these considerations, it is more likely that the event would not be covered by Cyber Insurance.

Is there any other policy in which a coverage can be obtained?

Crime insurance can also cover such fraudulent activities, particularly when they involve employee manipulation and fund transfer fraud.
Policies typically cover theft, fraud, and other dishonest acts, regardless of the medium used.

How and to What Extent Are These Events Covered under insurance?

• Cyber Insurance: Typically covers financial losses due to fraudulent fund transfers conducted through electronic means, subject to policy limits and terms. Coverage may include associated costs such as forensic investigations and legal fees.
• Crime Insurance: Provides coverage for direct financial losses due to fraud and theft, including employee dishonesty, irrespective of the medium used. The extent of coverage depends on policy specifics, including limits and deductibles.

What Other Costs Become Imperative to Manage Such Events? Can they be covered?

Apart from the actual financial loss other costs like Investigation Costs, Legal Fees, Notification Costs, Public Relations Costs, Business Interruption Costs may also come into picture post such events.
Both cyber and crime insurance policies can cover many of these associated costs. Policies often include coverage for investigation, legal fees, notification, PR, and business interruption costs, helping businesses manage the fallout effectively.

What are other recourses?

Enhanced Security Measures: Implementing stricter security protocols to prevent future attacks.
Employee Training: Conducting regular training sessions to raise awareness about phishing and other cyber threats.
Advanced Verification Tools: Using sophisticated tools for caller ID and email verification.
Regulatory Compliance: Ensuring adherence to industry regulations to mitigate risks.
Comprehensive Insurance Coverage: Maintaining both cyber and crime insurance policies to provide a robust safety net against diverse threats.

Key Takeaways

In light of rising cyber threats, having comprehensive cyber and crime insurance is crucial for businesses. These policies not only cover financial losses but also help manage various costs associated with cyber and fraudulent incidents. By understanding the scope of their coverage and implementing preventative measures, companies can better protect themselves against such sophisticated attacks.