Fake CEO Email Lures $480K Transfer, Cyber Insurance Policy Denies Coverage of Loss.
A company had cyber insurance, but the insurance company refused to cover a cyber security loss of $480,000, despite the fact that Chubb had insured the victimized company for computer fund transfer fraud.
In the Chubb case, it is noted that the fraudster seemed familiar with the nature of the longstanding and trusting relationship between the accountant and the CEO. The fraudster in this case may have had access to emails between the two. These “fake CEO email” tactics often include email correspondence written with context, vocabulary and style matching the CEO’s normal email interactions.
In this case, the fake CEO email to the accounting director Glen Wurm allegedly said: “Glen, I have assigned you to manage file T521. This is a strictly confidential financial operation, to which takes priority over other tasks. Have you already been contacted by Steven Shapiro (attorney from KPMG)? This is very sensitive, so please only communicate with me through this email, in order for us not to infringe SEC regulations. Please do no speak with anyone by email or phone regarding this. Regards, Gean Stalcup.” Wire instructions followed in a subsequent email with a request to transfer $480,000 for due diligence costs associated with a purported acquisition.