Anyone who thinks Cyber Risk is only for large companies is mistaken. While complex cyber attacks on large corporations get all the news, it’s the smaller, well-organized scams targeting small and medium-size businesses that are doing the damage. It’s going on every day, businesses are being scammed, and nobody is talking about it.
On December 12th, 2014 a very authentic looking email was received at our office, that appeared to be an internal email, requesting our administration department to wire transfer $39,000. A Word document was attached with instructions.
The tone of the email was very authentic. Note that the domain on the “From email’ has been changed to .co from .com. – everywhere else in the message, the wedgwoodinsurance.com domain remains unchanged. Unless you read the email VERY carefully, it would be very easy for this to go unnoticed.
Wedgwood has a verification policy before any wire transfers are authorized, so we were able to prevent the bank from executing any instructions.
We had an investigation into this email, and advised the police – this was a very sophisticated fraud attempt.
- The original email was initiated from a South African IP address.
- The Point of Contact for the IP registrant was in Mauritius
- It was routed through a Canadian service in Western Canada.
- The wedgwoodinsurance.co domain was registered in Hamilton, Bermuda.
The information to create the fraudulent email was likely gathered on the internet and our own website. This was not created by some school kids for a lark; this was a coordinated, highly organized fraud.
At Wedgwood, we’ve put resources into cyber awareness, training, mitigation, and prevention. We were almost fooled. How many companies have been victims of a cyber attack like this and would publicly admit it?
This is what Cyber Risk looks like – it’s not just hackers trying to plant viruses, steal information or get through firewalls. It’s also the coordinated gathering of information from various sources to enable criminals to be able to use electronic or other means to steal personal information or money.
BASIC STEPS TO PREVENT CYBERCRIME
- Don’t rely on your IT team – it’s not their only job
- Train your team on how to detect/prevent scams, phishing emails etc;
- Get outside oversight on your network and it’s vulnerabilities
- Put policies/procedures in around technology usage and security
Contact our team of professionals at Wedgwood Insurance Limited today for resources to help support your cybersecurity efforts. We have the know-how to ensure you have the right coverage in place to protect your business from a data breach.