Recently, a rural NC county was hit with a string of phishing email attempts, one of which was successful resulting in $4,000,000 in losses.
Phishing is a cyber attack of sending fraudulent communications that appear to come from a reputable source. We want to explain a few key parts to help you address internal controls:
- The phishing attacks used either assumed or prior knowledge that a government construction contractor was commonly paid by wire transfer and ACH payment.
- The phishing attacks were repetitive not complicated.
- The phishing attacks were successful through a single employee not following verification protocols to vendor account information.
While cyber insurance can respond to losses of this nature – the policy payout is often sub-limited outside of the total policy limit, excluded completely by policy form, or require proper internal accounting controls to respond to a loss.
Learn more about best practices and cyber insurance.
Learn more about this particular phishing incident.
