26 Apr How can a cyber event occur in the Strata Industry?
How can a cyber event occur in the Strata Industry?
Social engineering fraud is one of the fastest growing threats to Australian businesses. It can be an elaborate fraud that sees fraudsters use a variety of techniques to deceive and manipulate victims into voluntarily giving out confidential information or transferring funds.
The scams are predominantly carried out online, for example by email, or through social networking sites, however, they can occur by telephone or in person.
Business email compromise scams accounted for 63% of business losses reported to the Australian Competition and Consumer Commission (ACCC). The rapid rise of social engineering attacks has prompted the ACCC to encourage businesses to review processes for verifying and paying invoices immediately.
In a recent case study, a Strata Manager purchased furniture on behalf of the Owners Corporation.
The supplier then sent an email stating there had been a possible double payment received and they were to refund the Owners Corporation.
The Strata Manager found that no double payment had been processed through their system, so they advised the Owners Corporation to check with the Committee if they knew anything about a double payment.
Before the Strata Manager received any response from the Owners Corporation, they received an email from the supplier to say that they had processed the refund as per the Strata Manager’s instructions.
The Strata Manager had not given instructions; therefore, they called the furniture company immediately and had them forward the email containing the instructions.
The copy of their bank receipt and the email they sent through showed that email came from a fraudulent email address (made to look similar to the Strata Manager), providing account details that the Owners Corporations does not bank with.
The Strata Manager called the supplier straight away to explain that the email/instructions were fraudulent and to call their bank straight away to recover funds. They then provided the Owners Corporations bank account details over phone as per internal procedures.
A cyber insurance policy should be part of every successful business’s risk management framework. Cyber insurance is not the first line of defence; it is designed to protect a business when it’s IT security, policies and procedures fail to stop an attack.
Don’t wait until it’s too late – click here to obtain a Cyber Insurance quote online in a matter of minutes.
If you have any further questions regarding Cyber Insurance and how it can protect your business in the event of a data breach, contact Vikram Choudhry on 1300 880 494.