We are seeing numerous instances of creative schemes resulting in businesses being exposed to fraudulent transfers.
Optisure Risk Partners is an active and rapidly growing national insurance and risk management entity which insures thousands of building owners and tenants countrywide. As a result, we are privy to a variety of trends affecting the industry from a loss perspective. Some of these trends hit closer to home than others and as such I wanted to share with you an area where you could face significant financial losses.
As it effects your business’s lease arrangements, one in particular is pertinent. We have recently seen claims activity where a landlord notes that a tenant is overdue in the payments required by its lease. Typically, this may go for longer than a month or two if the landlord is not aggressive in pursuing overdue amounts. When the landlord finally calls the tenant to make a collection attempt, the tenant responds that, per the landlord’s request, they made the payment electronically. The scam involves some form of the tenant being misled by either email or a letter on what appears to be the landlord’s letterhead instructing the tenant that all future payments should be made electronically by EFT/ACH/Wire etc. The tenant follows the instructions only to find that the email address was spoofed/hacked, fake letterhead produced or some variation thereof. With technology at our disposal, creating a realistic looking email or letter is very simple. At the end of the day, the tenant’s money has never reached the landlord and the obligation of the now overdue $$$’s remains upon the tenant.
- If you are a landlord: we recommend that you require that any change of payment methodology from check or than otherwise previously established be confirmed with by the Tenant in accordance with the notice requirements under the lease and suggest a confirmatory supplement with a phone call to the office. Typically, those notice requirements require that notice be given in writing to the legal entity owning the property with a copy to the attorney as specified in the lease.
- If you are a tenant: if you receive any document or call purporting to ask you to change your payment methodology, for your own protection, please independently verify with a direct call and confirmation per the notice requirements of the individual lease.
Most insurance does not cover this type of loss within any of your basic insurance policies. Some policies may include some element of cyber coverage or data breach but do not typically cover deception and social engineering type losses. As this is an emerging field, those that do are usually ‘non-standard’ in their forms so must be carefully compared and frequently have sub-limits and higher deductibles or retention levels. You can see from the following example the types of differences you could expect to find:
If you would like assistance in sorting through this exposure and others in the cyber arena, please call Optisure’s cyber experts – 603.217.2432 and speak with Optisure’s cyber specialist, Randy Eifert. Depending upon your industry and policies selected, protection can often be secured in the $1-2,000 premium range. Small businesses can frequently obtain it for as low as a $750 minimum premium. As a courtesy we can also provide you with our white paper addressing data breach type responses.
You are also welcome to reach me directly for a further discussion of ‘folder and rule nesting’ that we are seeing in instances where an email account is hacked. This one is particularly nefarious as it involves a fairly expensive remediation process for privacy breaches and can go undetected for a surprisingly long period of time.