Race Against the Clock to Recover $1.3M from Business Email Compromise
Business email compromise is a frequent vector for a variety of cyber crimes that may take months for hackers to launch. Funds transfer fraud is one of the most potentially costly attacks, since it can take less than 48 hours for any chance of recovering stolen funds to evaporate. Coalition’s fast response made a $1.3 million difference to this childhood education nonprofit.
Early Childhood Education
Funds transfer fraud
Due to Coalition’s swift response, we managed to claw back all of the money except $500
An education in fraud from business email compromise.
This nonprofit institution for childhood education learned a lesson when threat actors secretly compromised the Finance Director’s email account.
Four months passed as the attackers searched the policyholder’s mailboxes for terms related to finance, banking account information, payment, and funds requests. Next, the attackers set up rules to move a series of legitimate emails from the policyholder’s inbox to their junk folder.
The attacker spoofed the nonprofit’s legitimate domain, set up email rules to divert replies, and sent compromised attachments. They sent an email to six people facilitating two very large fund transfers of roughly $620,000 each — totaling nearly FTF$1.3 million. The subject line was “Change banking service,” citing COVID-19 as the reason.
Shortly after the payments were made, employees received emails requesting gift cards. Additionally, the policyholder did not receive the proper confirmation of funds received. They knew something was wrong.
The policyholder quickly realized an event had occurred and reached out to the Coalition Incident Response (CIR). CIR sprung into action, changed the passwords of the compromised account, and forced a global password reset.
Coalition’s Claims team coordinated with law enforcement to file a report and stop the funds from being transferred. CIR also put in a takedown request to remove the fraudulent domain, preventing the policyholder from receiving additional fraudulent emails from that domain. Due to our swift response, we managed to claw back all of the money except $500.
Coalition provides Active Risk Assessment of an organization’s real-time cyber risk, Active Protection through continuous threat monitoring, and Active Response to incidents if they occur — providing the most comprehensive insurance available to solve cyber risk.
Ready to learn more?
Our brokers and policyholders get access to all of the intel we have on how to prevent, remedy, and recover from breaches of all kinds.
We’re bringing a new approach to managing digital risk, and the world has noticed. Here’s what people are saying about Coalition.
We’re a team of experts, backed by powerful partners, developing a safer world.
Coalition’s products are offered with the financial security of Allianz Group* (A.M. Best A+ rating), Arch Specialty Insurance Company (A.M. Best A+ rating), Ascot Group** (A.M Best A rating), Fortegra Group (A.M. Best A- rating), Lloyd’s of London (A.M. Best A rating), Swiss Re Corporate Solutions*** legal entities (A.M. Best A+ rating), Vantage Risk Specialty Insurance Company (A.M. Best A- rating), and Chaucer Insurance Company DAC (A.M. Best A rating).
© 2024 Coalition, Inc. | Licensed in all 50 states and D.C. | CA License # 0L76155
* Insurance products are offered in the U.S. by Coalition Insurance Solutions Inc., a licensed insurance producer and surplus lines broker. Insurance products may not be available in all states, For further details see here. ** Insurance products may be underwritten by Ascot Specialty Insurance Company, Ascot Insurance Company, or an affiliated company, which are members of Ascot Group. *** Insurance products may be underwritten by North American Capacity Insurance Company, Swiss Re Corporate Solutions America Insurance Corporation, or an affiliated company, which are members of Swiss Re Corporate Solutions. Fortegra® is the marketing name for the service contract and insurance operations of the subsidiaries of The Fortegra Group, Inc.