Tales from the Trenches: Hacker Hits Three Times

The Scenario

A hacker infiltrated a client’s email, impersonated the client to the advisor/rep, and instructed the advisor to liquidate stocks and wire the funds to an account at the same bank as the client's, but one belonging to the hacker. Because the bank was in Singapore, it was unique and it did not ring any alarm bells with the advisor/rep. The scheme ran for three transactions totaling over $120,000 before it was revealed as fraudulent. When all was said and done, the hacker hit three times!

The Facts

In this case, verification was conducted on only the first of the transactions and was done via email (not as a voice verification). The first fraudulent funds transfer was for $30,000. Subsequent requests for a liquidation and transfer were not verified by voice or by email. The client was supposedly not available for verification. The home office was concerned about the lack of verification, but the rep pressured the home office to complete the transaction because this was a large client for him and he did not want to inconvenience the client, who was on vacation. The home office approved the subsequent transactions of $45,000 each. The fraud was caught after the third transaction, and an attempted fourth, once the client returned from vacation and observed his account status.

The Outcome

Fortunately, the cyber policy was not restricted to covering only funds transfer frauds where a voice verification was conducted.  The cyber insurer recovered the funds in the third transfer while in transit to the fraudster and reimbursed the insured for the loss so the client was made whole.  However, the advisor was responsible for two deductibles totaling $50,000.

How to Avoid This Claim

Hackers are capable of impersonating a victim via email and by phone. If they have the information to impersonate the client, they can probably change the client's profile records by inserting a new phone number, and they can mask the emails so that they appear to be coming from and going to the client when in fact the communications are between the hacker and the advisor or the firm.
Always implement dual verifications.  Always implement MFA (multi-factor authentication) on all devices and encrypt communications.