The Tribune published an article on September 17th, 2020 about an Insurance Firm that Suffered a Cyber Attack.
The firm, which has around 1,000 local and international clients suffered a breach to their computer systems which elevated to a client being scammed $40,000. The scam targeted their clients through phishing emails requesting payments on outstanding bills
- After a breach in the Insurance company’s systems, a client from the United Kingdom received a phishing email and followed instructions to settle a $40,000 bill. The firm was able to confirm that the email request was malicious and had the payment cancelled by a bank.
- An email account of an accountant in the firm was hacked and sent emails were hijacked. Those sent emails targeted a bill that was sent to a client, directing them to settle a bill at a UK bank.
- Despite the transparency on the breach, the firm did not agree to reveal their name to The Tribune over the fear of financial fallout. The spokesperson for the organization wants to spread awareness that an incident of such is possible. The firm has since spread notice of the scam to everyone to deter the threat.
- To protect the company and its clients, two-factor authentication was implemented for log-ins. “We have changed up our system now. Nobody can go into our emails without a secondary authentication number as a result of that hack”, the spokesperson stated.
Contributed by: Jason Jacobs from Guyana. Jason is a member of the CCST Discord group from the G5 Cyber Security Foundation Ltd. Learn more about CCST (Caribbean Cyber Support Team) by visiting caribbeancst.org. CCST is a collaborative group on the Discord platform for Caribbean people in IT, from beginners to experts.