Scammed - cyber risks could be defeated with a simple phone call

A company was a victim of a “purchase order scam.” For everyone’s benefit, let’s explain how purchase order scams work. Initially, bad actors email businesses misrepresenting themselves as trusted clients looking to place an order. Bad actors build rapport with sales agents and place large orders on credit. Then, immediately preceding shipment, bad actors insist on changing the shipping address. If met with resistance, bad actors apply pressure. For example, bad actors may claim they will suffer unbearable hardship or that your business relationship will be damaged. Sales agents usually mail the order, but as soon as it arrives a mule forwards the product to the bad actor’s true location. Thirty days later, when payment is not received, the victim learns the order was fraudulent. Fortunately, by changing a few internal processes and securing the right insurance coverage, you can significantly reduce your company’s risk.

First, since bad actors send emails misrepresenting themselves as trusted clients, it is important to verify the sender is who they represent themselves to be. To verify the sender’s identity, hover over their email display name with your mouse. Hovering over the email display name will reveal the sender’s true email address. When an email display name does not match the email address, it should raise a red flag.
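The display-name check described above can also be automated for inbound order mail. The sketch below is an added example, not part of the original article; it goes one step beyond the hover check by comparing the sender's domain against the domain you have on file for that client. The client directory, the `.example` domains and the function name are constructed assumptions.

```python
import re
from email.utils import parseaddr

# Constructed directory: client name as it appears in mail -> domain on file.
KNOWN_CLIENTS = {
    "acme industrial supply": "acme-industrial.example",
    "northwind traders": "northwind.example",
}

# Loose pattern for an email address embedded in free text.
EMAIL_IN_TEXT = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def _normalize(name):
    """Lowercase and collapse punctuation so name comparisons are forgiving."""
    return re.sub(r"[^a-z0-9]+", " ", name.lower()).strip()


def sender_red_flags(from_header):
    """Return the reasons a From header deserves a closer look (empty if none)."""
    display, address = parseaddr(from_header)
    if "@" not in address:
        return ["no parseable sender address"]
    domain = address.rsplit("@", 1)[1].lower()
    flags = []

    # Red flag 1: the display name shows one address, the mail came from another.
    for shown in EMAIL_IN_TEXT.findall(display):
        if shown.lower() != address.lower():
            flags.append(f"display name shows {shown} but mail came from {address}")

    # Red flag 2: the display name claims a known client, but the sending
    # domain is not the one on file for that client (subdomains are allowed).
    name = _normalize(display)
    for client, expected in KNOWN_CLIENTS.items():
        on_file = domain == expected or domain.endswith("." + expected)
        if client in name and not on_file:
            flags.append(f"claims to be '{client}' but domain is {domain}, not {expected}")
    return flags


if __name__ == "__main__":
    # Constructed sample headers.
    for header in (
        '"Acme Industrial Supply" <purchasing@acme-industrial.example>',
        '"Acme Industrial Supply" <acme.purchasing@freemail.example>',
        '"purchasing@acme-industrial.example" <j.smith@freemail.example>',
    ):
        print(header, "->", sender_red_flags(header) or "no flags")
```

A clean result only means the header is consistent with your records; the call to a known phone number is still the deciding check.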

Second, since the last-minute address change is vital to the scam’s success, verify the new address belongs to your client. First, input the new address into a search engine. This helps because bad actors regularly ship to storage facilities or single-family homes with no connection to your client. Next, regardless of what you find, call your client using a known phone number. Since bad actors may be intercepting your client’s email, or spoofing their phone number, it is critical that you place the call using a trusted phone number.

Finally, before becoming a victim, consider conducting a pre-loss insurance program diligence review. In this case, an advocate may have suggested securing an optional social engineering fraud endorsement with limits tailored to your risk tolerance. Second, an advocate may have reviewed your crime policy for computer fraud coverage. Third, an advocate may have examined if this cyber peril would trigger non-affirmative (silent) cyber coverage. Many “all-risk” insurance policies cover perils, unless excluded. Thus, if your policy does not expressly exclude a cyber peril, coverage may apply. Since cyber threats and insurance coverages keep evolving, it is crucial to understand what your policy covers, what your policy excludes, and what limits apply.

In sum, proactively identifying and investigating red flags may prevent you from becoming the next purchase order scam victim. However, even if you do become a victim, having appropriate coverage in place will reduce your company’s overall financial exposure.

Kevin Galezewski

Kevin Galezewski, AIC, is a senior consultant at Advocate Claim Service where he applies his expertise from more than a decade in the property and casualty insurance industry. Kevin previously served as a subrogation professional, arbiter, and electronic vandalism lead. Currently, Kevin attends Marquette University Law School and is an active member of the Alternative Dispute Resolution and Real Estate Law Societies.

Advocate Claim Service takes the anxiety out of claims. We are licensed insurance professionals with significant insurance claims experience across a wide array of coverage lines who can bring clarity to any insurance program. We also conduct proactive insurance program diligence reviews.
