The Crooks Are Not Staying At Home
By Tim Kolacz
As the world works inside of the new walls surrounding us in the global pandemic that is Covid-19, we may think that we are safe from the crooks, cybercriminals, and other bad actors that normally plague our society. This is not true. They are out and even more creative in getting to you, your data, and your cash-money.
Cyber attacks are actually up in the past 20 days from just the twenty days prior. Why? Because we are all mostly working from home, where our connections to our data are far less secure than they are while in the office. The bad guys know this, the bad women know this. They know that we are less able to keep that data safe. Maybe we are using a flash drive to move documents back and forth. Maybe we are emailing client information over a non-encrypted server or email client. Perhaps you just don’t think about any of the above stuff and are hoping that your 15-year old who is your IT department is able to help. Please re-evaluate that program.
In the past 6 days I received a phone call indicating that a business had been hacked in the newest way yet. The call I received goes like this:
A couple of days ago my client noticed that their systems were running slow and that almost no phone calls were coming into the office. On Friday, they get full-on attacked, no phones were working and an email from the actual email of the office manager goes to their bank telling the bank to transfer over $300,000 to a bank in Hong Kong, to do it now and to call the owner to verify as needed.
The bank, seeing that it is a large amount, actually calls. The phone rings, phone is answered, “ ‘Owners Name of the Company’, how can I help you? Yes, I authorized it, yes, here’s, my date of birth….” They had everything imaginable, because they spent several days researching all the emails and had access to their entire system.
It turns out that the hackers got into their Voice Over IP systems, called their carrier and told them that they had been hacked and that all passwords needed to be changed immediately and to give him all access. It was done. They then sent emails to the bank. The banker that they deal with every day just happened to be in the branch and came up to the person that was authorizing the transfer. She looked at it and figured it was odd, and so she called again. The same person answered and said he was the owners name. The bank, to their credit, then asked if “Alex” has approved the transfer. “yes, Alex approved it.” The banker immediately hung up the phone and cancelled the transfer that was in process. The company does not have an Alex working for them.
The banker stopped the transfer and saved the money from going out the door. Still today, the company does not have access to their phone system as the hackers got so deep into it, the carrier doesn’t know how to get it back out.
So a couple of things we learned here. Have a great banker. Have them know you personally. Talk to them frequently even when you don’t have pressing business; in fact, that is the best time to talk to them, when you don’t need anything. They get to know your voice, your business, and your transferring of money activity. The better they know you, the better they can save your bacon on a day like this.
Now, for the insurance side of it. If the transfer had gone through, there may have been coverage under the Computer & Funds Transfer Fraud section of the Crime policy as it wasn’t the people in the business authorizing it, but the hacker themselves. It may also be covered under a Social Engineering coverage; or maybe even under one of the Cyber liability coverage parts in your Cyber Liability program.
As there are several layers to a banking relationship, there are several layers to an insurance relationship. The better your broker knows you and your business, the better they can serve you. Get to know them better; or, get to know me. We can Zoom.
Tim Kolacz works with his clients so that they are covered as best they can be. He also likes cold beer and smoked pork. Call him when you get some time, have questions, or want to Zoom a beer with him 951.779.8730.