One of the most common causes of loss for businesses in the cyber sphere is so-called CEO Fraud, or Business Email Compromise (BEC). According to the FBI’s Internet Crime Complaint Center (IC3), “the BEC scam continues to grow, evolve, and target businesses of all sizes. Since January 2015, there has been a 1,300 percent increase in identified exposed losses, now totaling over $3 billion.” CEO Fraud is usually initiated by an email that appears to come from a high-level executive and instructs a lower-level employee to immediately wire a large amount of money to a business account because it’s critical for a client, an account, or a transaction. These fake emails or “spoofed” emails are commonly referred to as “phishing” attacks.
CEO Fraud attacks have different levels of sophistication, but are rarely blind attacks.
- They typically target an employee who is reasonably likely to have the authority to send the wire.
- They impersonate an actual executive in the company who has the authority to send the instruction.
- They often do research to make a credible case; the client name will appear familiar and the employee who gets the email will believe it came from their boss.
CEO Fraud has increased dramatically over time, and many attacks and losses go unreported to law enforcement, which rarely has the resources to pursue them very far. Even when it does, the money is almost always sent overseas and the jurisdiction is limited, which hampers recovery of the funds.
Instead, most clients look to their insurance coverage to recover the funds — and for victims of CEO Fraud, often there is none. First, “cyber policies” make very clear distinctions between first-party losses by the insured and third-party losses.
In our next post, I will examine the differences between first- and third-party losses. In the meantime, if your business has been a victim of CEO Fraud or you think you are at risk, contact us today!
Ryan J. Cooper, Esq., CIPP/US
600 Linden Place
Cranford, NJ 07016