Real-life Cyberscams Part 2
August 2, 2024
As you read in part one of our real-life scams, Cybercrime is occurring every day in Australian small businesses like yours. It is not just large corporate that are being targeted and no matter how small you are, you are still at risk as you will see from more of these examples.
Yep, they are real and they have happened to businesses just like you.
Medical clinic
Incident
A small health clinic discovered that an unauthorised third party had gained remote access to a server that contained electronic medical records. The third party posted a message on the network stating that the information on the server had been encrypted and could only be accessed with a password that would be supplied if the clinic made a “ransom” payment.
Outcome
They contacted law enforcement and determined that the payment ($2,500) should be made. The payment constituted cyber extortion monies under the policy. Furthermore, loss of business income amounted to $65,000 and IT forensic costs of $5,000 were paid in accordance with the coverage provided by other sections of the policy.
Payment: $72,500 in ransom, forensic IT and lost business income costs
Real estate agent
Incident
The agent’s emails were accessed by a hacker who posed as them and sent multiple emails to the real estate agents bank instructing for funds to be transferred into the hackers bank account. When they discovered that 3 unauthorised payments had been made totalling $3,000,000, they immediately contacted their bank to freeze the funds. They were able to recover $2,800,000 of the unauthorised transactions.
Outcome
They appointed lawyers and an IT forensic consultant to assist the real estate agent in repairing the damage to their system which was caused by the hacker. As they had the optional Social Engineering cover under their policy, they were reimbursed for the direct financial loss of the $200,000 uncovered fraudulent transfers as well as their forensic and legal costs.
Payment: $230,000. The Insurer then issued separate recovery proceedings against the fraudsters to recoup the amount of the loss along with the excess paid by the real estate agent.
Accountant
Background
A director of an Accountancy Practice noticed that some documents on their server had been deleted. Further investigations were undertaken and it was discovered a hacker had been accessing their system for the past 2 months.
Outcome
There insurer hired an IT Forensic Consultant to review their systems. It was discovered 800 client files had been accessed which included private details such as driver’s licenses and passport numbers. A specialist firm was appointed to monitor whether any client identities were stolen or sold as well as a law firm to advise on the data breach issues and draft a notification letter to all affected parties. It was determined that the Accountancy Practice had to report the incident to the Privacy Commissioner and the appropriate steps were taken to secure the information they held. Remediation costs were also covered to rectify any issues with the Accountancy Practices system.
Payment: $90,000.
Property developer
Incident: Following the sale of 2 properties, the developer was required to make a payment of $400,000 to their property consultant. On the day the payment was due, they received an email from the consultant advising their banking details had changed. The Property Developer requested that this be sent to them in writing on the consultant’s letterhead which they received, including the signature of the director of the consultancy company. The Property Developer was later chased by the consultant for payment at which time it was discovered that the email and letter had been fraudulent. They contacted their bank to stop the payment and were informed that the money had already been withdrawn and transferred overseas.
Outcome
The Property Developer made a claim on their Cyber policy which triggered the optional Social Engineering cover. An IT forensic consultant identified that the hacker had infiltrated the consultants system and intercepted correspondence between the Property Developer and the consultancy firm. They were reimbursed for the outstanding funds.
Payment: $250,000.
If you don’t have Cyber Insurance, please reach out to one of our dedicated team after you have downloaded our free Cyber Guide.