A Business Email Compromise scam (BEC) is costing businesses of all sizes millions of dollars according to news reports.
Just last week, these new reports surfaced that business email scams have begun to targets art galleries and art dealers in a malicious plot to infiltrate email servers and scam art buyers into sending B2B payments to fraudulent accounts.
As these new scams rise in prevalence, new questions are raised for businesses as well, specifically regarding whether or not these cyber attacks are covered by cybersecurity insurance. A Canadian court recently ruled on this topic according to Insurance Business Canada on Monday (Nov. 6).
In the case, Brick Warehouse LP v. Chubb Insurance Company of Canada the Alberta Court of Queen’s Bench sided with the plaintiff and ruled that cyber insurance purchased by Brick Warehouse does not cover what reports described as a “social engineering attack.”
Brick was hit with the BEC scam in 2010 when a scammer claiming to be from Toshiba sent a message to the company’s accounts payable (AP) department. The fake email tricked the AP department into sending over payment details via fax.
Days later, another fake email, this time from someone claiming to be a Toshiba controller, told Brick’s accounts payable department that Toshiba’s bank information had changed and advised the AP department to begin making payments to a new account. After more days passed, another scammer called the department to confirm Brick received the new banking information.
According to reports, Brick did not take precautions to confirm that the new banking information was, in fact, a legitimate account owned by Toshiba. Brick sent $338,000 via wire to the fraudulent account.
The fraud was not detected until a legitimate representative from Toshiba contacted Brick to notify the company Toshiba had not been receiving any payments. Brick was able to recover about $113,000 of the transfers, reports said.
Brick submitted a claim to Chubb for about $225,000 in 2011, according to reports, but the insurance company denied to cover the claim on grounds that Brick’s own instructions to transfer money were not fraudulent.
Read the full story over at PYMENTS.