Phishing Attack from Phony Email Invoice Costs Town

A town in Massachusetts suffered a phishing attack last December. And what seemed a routine transaction turned costly. To the tune of more than $100,000.

An employee received an email from what they believed was one of their vendors. The “vendor” wanted payment with a wire transfer. This wasn’t unusual. The town did pay some of its bigger vendors via a wire transfer.

But cyber criminals had designed the phony email to look real. So the payment of $102,000 was made in late January of 2022. Every dime went to the cyber criminals in on the scam. Fortunately for the town, they hope to be paid by their cyber insurance carrier $92,500 of that total.

Fake invoicing isn’t the only phishing scam affecting municipalities and governments. Ransomware is also a major concern. This is where hackers block access to data unless a ransom is paid.

We found reports of 79 ransomware attacks on U. S. Government organizations in 2020. Losses were estimated at an astounding $18.88 billion. That includes recovery costs and downtime.

5 Things You Can Do To Protect Against Cyber Attacks

What can you do to protect yourself against these serious cyber threats? We went to one of our major commercial insurance carriers, The Travelers, for answers.

Here’s their advice:

1. Build continuous cyber security training into your organization. Keep your employees updated with the latest threats. Test them to see how they react to phishing and other social engineering activities. Include advice on how to protect your network when working remotely. And on mobile devices.
2. Encrypt and back up your critical data. Imagine not having access to any of the important information you have online. And only able to get to it after paying a ransom to cyber thieves. Data encryption translates data into another form, or code. That way only people with a decryption key or password can read it. And back up is the creation of another version of your files that is stored elsewhere.
3. Check with third-parties or cloud providers that you share data with. Make sure their information security policies are as strict as yours.
4. Have paper containing sensitive information that you no longer need? Have a policy for shredding it.
5. Get cyber insurance. Scalzo, Zogby & Wittig can help you here. Every organization is unique, whether you’re a government entity, business, or non-profit. We’ll advise you as to the right coverage for your situation.

For example, you may face liability if your customers’ information is exposed. And there may be defense costs, notification costs, and credit monitoring responsibilities.

What if malware is downloaded from an email? That could lead to lost, encrypted, or otherwise damaged files. There would be costs to repair and restore the data.

Also, insurance carriers offer free cyber risk management. The goal is to prevent data breaches in the first place. In the case of The Travelers, policy holders can access services from Symantec. This includes a coaching session. And online assessments to identify problem areas where you can improve security. Employee training videos are also included.

The upshot: if your organization uses information technology, you are exposed to cyber-attacks. Call us about managing that risk for your peace of mind…and the peace of mind of your customers.

Until next time,
Your SZW Team

PS. Find out more about cyber security in previous articles on our blog:

Cyber Security Major Concern for Business

5 Cyber Security Trends to Watch for in 2021

Business Concerned with Cyber Security But Is That Enough?

SZW Insurance is your Utica area Trusted Choice™ independent insurance agent. Call us for a quote on insurance for your home, car, business, or life at 315.792.0000. Or request a quote here.