Cybercriminals Ruin Escrow Firm and Cause Job Losses

Posted on September 16, 2013 by Marijana Dabic

Efficient Services Escrow Group of Irvine, California, was subjected to a $1.5 million Cyber heist that caused it to go out of business and lay off all 9 of its employees. Escrow companies are responsible for safeguarding funds, and if escrowed funds are at risk, the state regulator has the right to step in and protect those escrowed funds.

What went wrong?

Between December 2012 and January 2013, Efficient Services was hit with three separate fraudulent wire service transfers. These were from the company’s bank, First Foundation of Irvine, CA, to bank accounts in Russia and China. The first $432,215 that left Efficient Services’ account on Dec. 17 was recovered from Russia, but two other wires totaling over $1.1 million, which were sent to China on Jan. 24 and Jan. 30, were not recovered.

Efficient Services reported its losses to the California Department of Corporations on February 22, which launched an investigation. On Feb. 28, The Department of Corporations froze the escrow company’s activity and noted that the company had previously had instances of negligent bookkeeping and record-keeping practices.

According to former Washington Post reporter and now fraud blogger Brian Krebs, who first reported the Efficient Services incident on Aug. 13, the bank initially thought the losses resulted from embezzlement, not an account hack.

Why is this important?

Since then, a state investigation determined that a cyber theft was to blame for the losses. The cause of the incident was a remote access Trojan virus that was planted in Efficient Services’ systems. Nonetheless, the escrow company, unable to make up for its losses, has closed.

This incident now stands as one of the largest account takeover cases on record, eclipsed only by the June 2010 Global Title Services theft, which resulted in $2 million in fraudulent transfers and just over $200,000 in unrecovered losses.

Lessons Learned

In a case like this it is hard to determine whether the responsibility lies with the company or the bank. No litigation has been filed yet, but a civil suit may be filed in order to resolve the issue of responsibility for this case. Regardless, the fact remains that a cyber security breach has caused the company to close its doors and terminate jobs.

This cyber attack killed a viable business that was on its way to clear half a million in profits in 2014 and a million the year after.

ABEXAccess.com News: Your Policy Renewal Data Will Be Pre-Loaded

Posted on September 10, 2013 by Marijana Dabic

In gearing up to our official launch of ABEXAccess.com, we will continue to provide you with information of what your experience will be like with this groundbreaking platform for Real-Time rating and paperless policy issuance.

Why is it awesome?

To help make it easy for you to come on board with ABEXAccess.com, the ABEX team will enter your policy renewal data into the system for you. That way whenever you login to ABEXAccess.com, your policies that are coming up for renewal or have been renewed will already be in the system!

How does it work?

As we approach rollout of ABEXAccess.com, the ABEX team will enter policy renewal data into the system. Prior to the renewal, the information collected from your client may be updated before ABEX issues the renewal. As brokers come on board with ABEX, they will be able to see all of their ABEX policies. ABEX understands that brokers all have different workflows and levels of technology and will work with everyone to ensure the best experience and subsequent benefits from using ABEXAccess.com!

Your brokerage will be notified by ABEX when they can start using ABEXAccess.com and receive onboarding information. When you have gone through the onboarding process and login to ABEXAccess.com, you will be able to look up policies for your clients, confirm the policy details, and submit new business to ABEX for referral and policy issuance – all in Real-Time!

Show me!

Below is an example of a screen shot. Information about the new renewal policy will be entered into ABEXAccess.com by ABEX staff.

ABEX staff will issue the policy and send the policy information to you. Once you are onboard with ABEXAccess.com, you will be able to see all of your policy information!

Please click here for a larger image and click here to learn from our blog about other ABEXAccess.com features.

ABEXAccess.com will be released in the coming weeks, and those interested in test driving it can contact us at quotes@abexinsurance.com.

Lloyds Construction Consortium Offering Large Capacity

Posted on August 29, 2013 by Marijana Dabic

ABEX is very excited to offer large capacity for onshore construction projects, through the Construction Consortium at Lloyd’s.

Four of the market’s most experienced insurers of construction risks have come together to form the Construction Consortium at Lloyd’s, offering capacity to lead risks on major projects.

Key Benefits

Up to US$166 million probable maximum loss capacity (approx. equivalent to a US$664 million participation an a sum insured basis)
A lead market for all types of onshore construction projects worldwide.
Flexible participations – any consortium syndicate can lead
Bespoke wordings for clients and their projects
Lloyd’s financial security (A.M. Best A: Excellent, S&P A+: Strong)
Rapid service to meet brokers’ deadlines

For more information on this or other construction products, please contact us.

Employee Data Leaks a Major Cyber Risk

Posted on August 22, 2013 by Marijana Dabic

U.S. soldier Bradley Manning is escorted out of a courthouse during his court martial at Fort Meade in Maryland, August, 20, 2013. (REUTERS/Jose Luis Magana)

The case of Bradley Manning, the U.S. soldier convicted of the biggest breach of classified data in the US history by providing files to WikiLeaks, highlights how employees can pose a major vulnerability to the internet security.

In 2010, Manning turned over more than 700,000 classified files, battlefield videos and diplomatic cables to WikiLeaks, the pro transparency website, in a case that has commanded international attention. Manning was sentenced to 35 years in prison on Wednesday and this sentence is unprecedented in its magnitude for providing secret material to the media. Please click on the link to read more in the Toronto Sun article: Bradley Manning sentenced to 35 years in WikiLeaks case

This case shows how some of the most damaging cyber-attacks involving deliberate policy violations come from within the business, in ways that many employers overlook when it comes to their cyber security. It’s an employer’s worst nightmare—an employee is dissatisfied with his or her job and decides to defraud or steal from the company. Employees can cause enormous damage by committing these crimes.

According to a 2012 occupational fraud report by the Association of Certified Fraud Examiners (ACFE), the typical organization loses 5 per cent of its annual revenue to fraud. It also reported that the median loss caused by fraud was $160,000. For a small company, this could mean the end of the business. Small businesses are more at risk because owners inherently treat their employees like family, leading to complacency and lax security measures. Small businesses also tend not to have anti-fraud measures in place as many lack the knowhow and enforcement capabilities of larger businesses. Nearly half of victim organizations do not recover any losses that they suffer due to fraud.*

ABEX has partnered with WatSec to provide employee security awareness training as part of our Cyber Risk Management Program. The security awareness training prepares every staff member with the critical skills necessary to work productively while being vigilant for potential security threats.

Please contact ABEX and WatSec for more information on how you can effectively manage your cyber risks.

*Source: ©2013 Zywave, Inc

Hackers Demand Ransom from Businesses after Stealing and Encrypting Their Information

Posted on August 15, 2013 by Marijana Dabic

Thank you to all who participated in ABEX / WatSec Cyber Webinar yesterday. During the webinar, we touched on a few different examples of cyber attacks, one of the newest threats involving ransom attacks.

In ransom attacks, hackers steal information from businesses and encrypt it so that it can’t be read by anyone. Data from backups can get encrypted as well. Then hackers demand ransom from the victims in exchange for the encryption key that would allow the victims to access their own information. However, the hackers won’t necessarily decrypt the files even after the ransom had been paid.

There are many examples of ransom attacks happening, not only around the globe, but also here in Canada and more specifically in Southwestern Ontario and GTA. These cases do not always reach the media, and thus do not get the deserved attention.

One example includes some Dryden, Ontario residents who were struck by a combination of computer virus and Internet scam. The virus would exhibit the logo of the RCMP, informing users they have violated copyright infringement or downloaded illegal pornography. It details the applicable money-wiring businesses users should use to pay their fine of $100 within 72 hours or risk being imprisoned from one to nine years or face a fine of up to $250,000. Click here to read more.

Another example includes an Australian medical centre, Miami Family Medical Centre and The Surgeons of Lake County which all had a ransom demand after blackmailers broke into the organizations’ servers and encrypted their entire patient databases. Click here to read more.

According to Norton’s Cybercrime 2012 report, 70% of online adults in Canada have been the victim of cybercrime at some point in their life. Cybercrime costs Canadians $1.4 billion per year. The average cost per crime victim is over $160, according to Norton’s report.

A security company, Trend Micro, has published an infographic: The Cybercriminal Underground: How Cybercriminals Are Getting Better At Stealing Your Money. The infographic explores what items are being traded in the cybercrime underground, how the underground is organized, and how users are affected. Click here to read more.

Please feel free to contact ABEX and WatSec for more information on how you can effectively manage your cyber risks.

Archives