Funds Transfer Fraud Insurance

Funds transfer fraud (FTF) is a common and relatively simple online crime that's becoming increasingly costly and even more sophisticated. Incidents and initial losses have skyrocketed by 78% since 2020 — averaging $388,000 — and the window to recover stolen funds typically lasts only 24 to 72 hours. Small businesses are being especially hard hit. Coalition claims data reports that organizations with less than $25 million in revenue experienced a 102% surge in initial FTF losses in the second half of 2021 with the number of incidents rising 54% since just the first half of 2021.

A relatively easy attack, funds transfer fraud, electronic funds transfer fraud (eft) or wire transfer fraud is often perpetuated through social engineering techniques like email spoofing, phishing or business email compromise (BEC). The FBI reported BEC as the highest-ranking cybercrime of 2021 in terms of losses ($2,395,953,296). In recent years, 41% of BEC attacks experienced by Coalition policyholders evolved into an FTF incident resulting in the direct loss of funds.  Once attackers gain access to an organization's email system, they can lie there and wait and watch — usually for a pending transaction such as a legitimate email with a request for funds. In other cases, by installing malware or from information gained on the dark web, they can get ahold of a list of the organization's suppliers or other business partners. Once this information is known, a scammer can masquerade as an individual or entity known to the company and try a number of common tactics including:

With more than one-third of corporate employees in America continuing work remotely in the wake of the ongoing COVID-19 pandemic, many scammers are taking advantage of the confusion and disruption in ordinary business operations, an increased reliance on third-party vendors, and many companies' hasty digital transformations.

Coalition’s FTF policy reimburses insureds for funds transfer losses incurred arising from a failure in security functionality or social engineering. However, that isn’t all our cyber insurance policy offers to remediate this type of attack. As part of Coalition's Active Response methodology, we will also pay the cost of legal representation and judgments. We even cover settlements when a third-party entity claims to have been induced to fraudulently transfer funds owed to a third-party due to a security failure on your network. (Sub-limit may apply. Please read the policy for all coverages, terms, exclusions, and conditions.)  Coalition will even jump in immediately to help recover the organization's lost funds — so victims don't have to face this stressful process during the brief (24 to 72 hour) window before criminals close their accounts or convert the funds to cryptocurrency. After receiving notification that a policyholder has experienced an FTF event, our claims team will file an IC3 report with the FBI (in the United States) and put an interbank agreement with the appropriate financial institutions to attempt to freeze and claw back the funds. In 2021, Coalition recovered 96% of the lost funds in cases where our claims and incident response teams managed to claw back funds. Effective recovery efforts are based on several factors, including the location of the receiving bank and the length of time since the transfer. While we cannot guarantee the successful recovery of funds paid to an attacker, we have a record of success on this front. For example, our swift response resulted in recovering all but $500 of the $1.3M paid to an attacker by one Coalition policyholder even though the policy had a limit of $500K for FTF losses.   Coalition is the only cyber insurance provider with a dedicated in-house Claims and Incident Response (CIR) team. While recovering funds usually signals the end of the incident, Coalition's Active Insurance philosophy drives our team to investigate further. We believe it’s critical to address the underlying cause of the fraudulent transfer. In addition to restoring infected mailboxes, our team conducts forensic analyses and investigates vulnerabilities and the initial vector for the attack — to help determine if there are other existing compromises (such as malware) that may lead to a future FTF or ransomware incident. Email is often the initial point of compromise for FTF attacks, and that can involve attackers lying in wait within company mailboxes, sometimes for months at a time. For example, when one Coalition policyholder in education fell victim to an FTF event, Coalition Incident Response team discovered 82 malicious logins to the Finance Director’s email account spread across four months. Fortunately, CIR was able to remove the attacker’s access and clean up the infected mailbox. Coalition also helps policyholders prevent funds transfer fraud before it happens. Coalition offers a wealth of resources to help businesses implement good cybersecurity practices.For example, our annual Cybersecurity Guide outlines the basic tenets of a cybersecurity program — a critical factor in reducing an organization’s cyber risk.

FTF attacks are on the rise, but quick action can help mitigate the extent of losses. If an organization believes a recent transaction, email, or other communication looks suspicious, here are some helpful steps to take. Remember: it's only during the first 24 to 72 hours that a reaction to an FTF event has any hope of success. Coalition policyholders who notice a wrong payment should immediately reach out to Coalition so our incident response team — available 24/7 — can launch into action right away. With the guidance of the Coalition Claims team, here are some helpful steps to take (policyholder or not):