Emerging Risks, LLC
Emerging Risks, LLC
  • Home
  • Consulting
  • About Emerging Risks
  • News, Articles, and Updates
  • Partners, Affiliates and People we think are cool
  • Sales Effectiveness / Five Secrets
  • Home
  • Consulting
  • About Emerging Risks
  • News, Articles, and Updates
  • Partners, Affiliates and People we think are cool
  • Sales Effectiveness / Five Secrets

News, Updates, Articles and more

Law Firms Vulnerable to Social Engineering Loss

9/11/2017

0 Comments

 
​Social Engineering is an ongoing issue. Sometimes called Cyber Crime, Impersonation Fraud, or Cyber Deception, the concept of Social Engineering is manipulation of an employee to voluntarily part with money.  Think of it as a con man getting you to hand over your wallet.
 
Wikipedia defines Social Engineering:
  • Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.
https://en.wikipedia.org/wiki/Social_engineering_(security)
 

Recently, I saw a claim from a law firm (names have been changed to protect the innocent.  In August, The Firm had been 'engaged' by a Client (we'll call it Bob's Waffles) to collect a debt from another company (Jim's Syrup).  The Firm sent an engagement letter to Bob's Waffles, which they signed.  They accepted the case on contingency.  The Firm then engaged in the debt collection process.  On August 31, the Firm received a check from Jim's Syrup for $105,000 to settle the debt.  On September 1, the Firm wired $101,000 to Bob's Waffles (the $105,000 less the $4,000 contingency that the Firm collected).  
 
As I am sure you could have predicted, the check that was purported to be from Jim's Syrup has bounced.  (They really should have waited for the check to clear the origin bank.)  The Firm has paid out $101,000 to Bob's Waffles, who of course has stopped responding to any request for communication.  This entire fraud took a very short time (total timeline is less than two weeks).
 
The items that are still unclear to me:  Was Bob's Waffles a client before all this happened and was there any other relationship?  (My guess is no.)  Was Jim's Syrup a real company or one made up for the purpose of committing this fraud?  (My guess is not a real company.)  It sounds to me like someone duped the law firm into believing they were a real client and a real debtor when both were fake (and probably Nigerian princes).
 
Thankfully, through the wise and persistent efforts of our amazing production and service teams, the client has a high quality Cyber policy with Social Engineering including the Enhanced Cyber Crime coverage features.  Policy has a $125,000 limit for Social Engineering loss subject to a $5,000 retention.
 
We reported the claim.
 
And it looks like the loss will be covered.  We triggered the "Claim" and "Financial Fraud" sections of the policy.  
 
So, message to all of us:  
1. Cyber Crime or Social Engineering in the Cyber policy may be very broad and may pick up losses that other policies will decline.  And, 2, Law firms are probably being targeted for this kind of scam and very vulnerable.  
 
Moral of the story:  Don't buy a Cyber policy (or Crime policy) without this coverage. 
 
And know what you are getting because policy language matters, a lot.
0 Comments

    Author

    Monica M. Minkel,  RPLU, MLIS, cyRM, CPLP  has been working exclusively with Directors & Officers Liability, Professional Liability, Cyber Liability and related products for nearly 20 years. She started her interest in finance by loaning money to her mom at age 11 (complete with a loan agreement and competitive interest rate). She is passionate about all things in the financial industry and the way technology is changing the way capital markets function.

    Archives

    January 2021
    April 2020
    October 2019
    October 2017
    September 2017
    December 2016
    September 2016
    June 2016
    May 2016
    March 2016
    January 2016
    November 2015
    October 2015
    September 2015
    August 2015

    Categories

    All

    RSS Feed


Powered by Create your own unique website with customizable templates.