overseas from countries such as Viet-
nam or Taiwan. The scammers get into
the vendor’s system and watch them for
months, just waiting for the opportunity
to hijack the account.”
They strike when the opportunity
arises, sending an e-mail that says some-
thing like, “Hi, Catherine, we’re moving
our bank account and here are the new
details for the wire transfers.” Morrissey
says that this may go on for a week or as
long as a month without anyone realizing
what has happened.
“No one knows the money has gone
out of the door until the vendors say they
haven’t been paid,” he explains and the effects on the companies can be devastating.
In addition to the money lost, the fraud
can damage the vendor relationships. It
can be difficult to find another vendor
who provides the same computer chips,
electronic components or raw materials
the purchasing company needs.
The standard verbiage on some insurance policies says they will cover any loss
due to a computer virus, but insurers
didn’t intend to cover these types of claims
and many are being sued for not honoring
this wording in their policies, Morrissey
says. Like the cyber policies that have
been developed over the past two years,
insurers are also writing social engineering endorsements that will cover losses for
fictitious vendors and other related frauds.
In addition to purchasing insurance,
training staff will be a critical factor in
preventing social engineering fraud.
Companies must have internal controls
in place or an insurer may not honor the
social engineering endorsement.
The problem, says Morrissey, is that
“they’ve been dealing with a supplier for
five years. When the request comes in,
they just routinely handle it since they
thought they knew the person who sent it.”
Training prevention should include
sending out bulletins and e-mails to any-
one who as the ability to touch money.
Any requests should be reported to the
individual’s supervisor. Security should
be notified, as well as the IT department
and the company’s risk manager. “No one
should do anything unilaterally,” empha-
Foreign offices and subsidiaries should
also be aware of the protocols and how
social engineering fraud is perpetrated.
The danger may often be greater for these
offices since they may not be aware of
what is transpiring.
Morrissey says he believes that the
goal of these gangs is “to penetrate every
American company that has operations
outside of the U.S.” And that is a very sobering thought.
GET STARTED NOW AT ITELINC.COM
FAST. ACCURATE. PROVEN.
THE ITEL MOBILE LAB APP.
Apple® and the Apple logo® are trademarks of Apple Inc., registered in the U. S. and other countries. App StoreSM is a service mark of Apple Inc.
© 2012 Google Inc. All rights reserved. Google Play™ store is a trademark of Google Inc.
It’s why more carriers, adjusters, contractors,
and ;ooring stores are using the ITEL Mobile
Lab app. You get accurate, independent lab
analysis for your ;ooring, roo;ng, and siding
claims on your ;rst visit to the loss.
FAST AND ACCURATE LAB REPORTS
IN LESS THAN 30 MINUTES.