CFC Underwriting warns about Christmas cyber risk

CFC Underwriting warns about Christmas cyber risk | Insurance Business

CFC Underwriting warns about Christmas cyber risk

Cyber criminals can get even more creative around Christmas time, so businesses and individuals need to be on their guard, warns specialist insurance provider CFC.

The holiday season has created a number of cyber risks over the last few years, with hackers taking advantage of increased e-commerce, charitable activity, and time spent online, CFC said. Here are the most prevalent risks that the company’s cyber incident response team has seen emerge in 2020:

Settling accounts
At the end of the year, many businesses are settling their accounts – but they need to be cautious about any invoices they receive, CFC warned. Attachments from unknown sources can contain malicious code that can encrypt businesses’ computer systems – and sometimes even expected invoices can be fraudulent. CFC said that it has dealt with cases of invoice fraud in which hackers breached suppliers’ systems, doctored invoices with new bank account details, and sent them to expecting recipients, who ended up paying a bill to a fraudulent account.

Gift card scams
CFC’s cyber incident response team has noted a type of CEO fraud related to gift cards. It involves a seemingly legitimate email purportedly coming from a senior executive within a business, asking an employee to buy gift cards as client gifts. That “executive” then emails again to request the unique codes on the back of the gift cards, supposedly to expedite the gift-giving. However, the executive’s email has been spoofed, and the request wasn’t legitimate.

“This has proved to be a particularly effective attack method with so many people working remotely where it’s not as easy to quickly ask someone to verify something,” CFC said.

Bargain hunting
With businesses cutting corners due to the pandemic, many are hunting for the best prices for employee and client gifts. CFC has noted an increased number of fake websites operated by cyber criminals. These sites allow hackers to steal the details of any payment card entered on the site. Ads on unsecure websites can also be teeming with malware, which can lead to even bigger problems if those websites are accessed on company systems.

“It’s been a trying year for just about everyone and we’re all longing to wind down a little – but we can’t afford to slip up when it comes to cyber risks,” said Lindsey Nelson, cyber development leader at CFC. “Companies and individuals alike need to be sure they’re just a little more vigilant when it comes to spending online or on email over the holidays to ensure they can enjoy an incident-free festive period.”