Blog, Cyber - July 10, 2023
Cyber Crime Claim Scenario

In the business world, insurance should never be purely transactional. Leaders must recognise the importance of staying in touch with their broker, and have a consistent relationship where both parties value each other.

Not only does this allow you to adapt your risk protection as your business evolves, ensuring your insurance cover aligns with any internal or external developments, it also means you’ll benefit from the numerous advantages of working with a broker in the first place.

When the worst happens, a strong relationship with a competent broker can ensure prompt and efficient claim assistance. Take a look at the following scenario to see just how important this partnership is…

 

Social engineering in emails

Email-led social engineering, also known as phishing, is a prevalent form of cyber attack that relies on deceptive emails to manipulate individuals into taking harmful actions or divulging sensitive information.

Phishing emails are designed to appear legitimate, often impersonating reputable organisations or individuals. They typically contain urgent or enticing messages, prompting recipients to click on malicious links, download malicious attachments, or provide confidential information such as passwords, credit card numbers, or account details.

These social engineering attacks exploit human psychology, often by creating a sense of urgency, fear, or curiosity. Attackers may use various techniques, such as claiming an account will be closed unless immediate action is taken, or posing as a trusted entity requesting sensitive information.

 

The scenario

This scenario is based on a genuine incident one of our clients suffered. Please note, we’ve changed some of the details to protect their confidentiality.

Cyber attackers intercepted an email trail discussing a refund. After giving false bank details in the email trail, they followed up from a spoofed email address. In addition, they copied the signature of the business in question, so when the finance manager called the number to verify the bank details, someone answered and did just that, making the scam even more convincing.

Weeks went by before their client chased up the refund. Eventually, they discovered that the payment was sent to the wrong account, leaving our insured out of pocket, and having to pay the refund again.

 

The outcome

RiskBox got involved and immediately set the insurers in motion. Cyber incidents are usually incredibly time sensitive, but in this instance the insured had already carried out checks to ensure their network was now secure, so the insurers could focus on collating the facts without the time pressure.

The insured initially sought to get the payment reimbursed through their bank, but that was refused. Often, such attacks can be quite complicated, and it’s not always possible to get help from your bank even when you think you’ve done everything you could. This is why cyber crime cover can be vital to a business. Insurers stepped in and made the payment to the client, minus the excess.

 

How to stop it happening to you

Social engineering, as demonstrated in the above scenario, is constantly evolving, getting more advanced and difficult to detect. Here are some tips to avoid falling into this trap:

Double-check the detail – Scrutinise the email address you receive a request from. Often, a small spelling mistake such as a ‘0’ (number) instead of an ‘O’ (letter) can send you to a hacker instead of your client.

Verify – Our client attempted this, but verification needs to use alternative means. If something has changed, such as the bank details, don’t just call the number in the email footer. Search your client’s website for a number, or ring your known contact rather than relying on email signatures.

Training – As seen in the streaming series, Mr Robot, people are almost always the weak link. That’s why social engineering is such a risk. Try to improve this by training your team to identify potential incidents, so they know how to act when they spot them.

Remember, the best defence against email social engineering scams is a combination of scepticism, caution, and ongoing awareness of the latest phishing tactics. When in doubt, it’s always better to err on the side of caution, and report suspicious emails to your management or IT company.
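
The ‘0’ for ‘O’ check from the first tip can be automated on inbound mail before a payment request reaches the finance team. The following is an added example, not part of the original post: the known-contact domains and sample senders are constructed, and the confusable-character table is a small illustrative assumption rather than a complete list.

```python
from email.utils import parseaddr

# Constructed allow-list: domains of contacts you already trade with (assumption).
KNOWN_DOMAINS = ("acme-supplies.co.uk", "northgate-clients.com")

# Small, illustrative table of characters commonly swapped in lookalike domains.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "i": "l", "5": "s"})

def skeleton(domain):
    """Fold visually similar characters so 'n0rth' and 'north' compare equal."""
    folded = domain.lower().translate(CONFUSABLE)
    return folded.replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, to catch a dropped, added or changed letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header):
    """Return (verdict, matched_known_domain) for a From header value."""
    address = parseaddr(from_header)[1]
    if "@" not in address:
        return ("unparseable", None)
    domain = address.rpartition("@")[2].lower().rstrip(".")
    if domain in KNOWN_DOMAINS:
        return ("known", domain)
    for known in KNOWN_DOMAINS:
        # Same skeleton or one edit away from a real contact: treat as a
        # lookalike and verify through a phone number you already hold.
        if skeleton(domain) == skeleton(known) or edit_distance(domain, known) <= 1:
            return ("lookalike", known)
    return ("unknown", None)

if __name__ == "__main__":
    samples = [  # constructed sample senders
        "Accounts <accounts@northgate-clients.com>",
        "Accounts <accounts@n0rthgate-clients.com>",
        "Accounts <accounts@acme-suplies.co.uk>",
    ]
    for s in samples:
        print(s, "->", classify_sender(s))
```

A "known" verdict only says the domain is spelled correctly; as in the scenario above, a request to change bank details on a genuine email trail still needs verifying by other means.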

 

Let RiskBox help

Insurance can be a minefield, but RiskBox is here to change this. We’re an agile and independent insurance broker, providing a personal service and giving genuine advice.

Our expertise in niche sectors means you’ll get the right protection for your business – and if it does come to a claim, you won’t be abandoned. We’ll do all we can to make sure it’s dealt with fairly, quickly, and transparently. To speak to our team, call 0161 533 0411 or fill in our contact form.

 

Photo by Brett Jordan on Unsplash
