Insurers responding to losses posed by “whale phishing”: A.M. Best

Despite continuing unknowns around “whale phishing” – when criminals fraudulently lure organizations into transferring money or surrendering important information – the property and casualty insurance is responding, reports Christopher Giovino, director of forensic services for Aon Global Risk Consulting.

Commenting during a recent episode of A.M. BestTV, Giovino acknowledged “the industry is unsure how these scammers are getting their information; however, the industry is responding by rewriting crime policies and offering riders,” notes a press release issued late last week by A.M. Best.

Also called social engineering, the statement quotes Giovino as reporting that whale phishing cost companies more than US$214 million in losses between 2013 and 2014.

He defined whale phishing as “a form of computer-based fraud that involves executives, people in finance and the transferring of cash, typically by wire from the United States or offshore to another offshore account and then to another offshore account.” The financial person responsible for wire transfers receives an e-mail from someone representing himself as an executive in another company, requesting a specific person wire transfer money to a legitimate bank, he said.

“Since the e-mail has some familiarity in it to the receiver, he or she wires the funds believing the request to be legitimate. Once the funds reach the legitimate bank, within a day they are sent to an unknown account in a foreign country and disappear,” Giovino went on to explain.