Investors and the companies they invest in have significant wire transfer fraud exposure and should be taking steps to protect themselves. Protective steps typically include basic security procedures (see below) and comprehensive Cyber Insurance including funds transfer fraud coverage. A recent example demonstrates how badly an investment wire transfer can go wrong.
Cyber related crimes are significant and growing fast, and both investors and private companies are significantly exposed. Parties to an investment transaction often do not use basic protections when wiring funds. Parties typically include investment funds, such as venture capital and private equity funds, along with individual investors, such as angel investors, and private companies, startups and other recipients of investment capital.
Wire transfer fraud is also called fraudulent funds transfer (FFT), BEC (business email compromise), and social engineering fraud (SEF – see here). And it is growing again.
Cyber criminals seek out funds transfer situations with minimal protections, and capital raises and liquidity events, funded with wire transfers, are a lucrative opportunity. Buyers and sellers may be infrequent wire transfer users and protective measures may not be in place. In addition, a reliance on third parties, such as closing agents and law firms, to execute funding increases the opportunity for problems.
Case Study: Shareholder Sellers Lose Proceeds to Hackers
The investment environment creates the perfect opportunity for cyber criminals to enrich themselves, as the following example shows:
Two stockholders lost their share of $130 million in proceeds from the sale of a company. Hackers used deceptive emails to convince the parties to send funds to the hacker’s account outside of the US. It does not appear that basic protections were used. The funds have not been recovered, and litigation has ensued (here, here, here). The transfer agent and law firm in the middle are also targets (here).
What can you do?
- Education: Awareness training for all employees
- Two Step External: Phone or other alternative confirmation of wire transfer instructions
- Two Step Internal: Require multiple internal authorizations for wire transfers
- Trading Partners: Provide notices & education to clients, vendors & investors warning of the potential for wire transfer fraud
- Strong Security: Obvious; cyber security is critical
- Cyber Insurance: does your policy include coverage for fraudulent funds transfer? Ask us to review, we can help
Risk management information and resources are widely available on the web (see here, here for example), but a few simple steps can increase protections. People are the primary vulnerability and a good place to start:
Investment funds, angel investors and private companies (startups) should acknowledge the wire transfer fraud exposure and take preventive steps to protect their exposure. Any organization can be a target of a cyber-attack, and Cyber Insurance is a critical component of any cyber security plan (here).
We can help. Let us review your current Cyber Insurance coverage and provide alternative coverage which includes wire transfer fraud coverage.
eSpecialty Insurance is your specialty insurance expert. Try our online Cyber Insurance Quoting Portal for immediate Cyber Insurance pricing. We look forward to working with you.