It’s a common enough scenario these days. Someone calls accounts payable claiming to be a vendor and says, “We’re having issues with our bank account, so when you send out our payment, please don’t use the account number you have.”
The caller then provides a new account number, often at a different financial institution altogether. Maybe two months later, accounts payable will get another call, this time from the real vendor, who wants to know why his company has never been paid.
While this is “not something the FBI tracks,” according to Greg Bangs, vice president and worldwide crime insurance manager for Chubb, a 2011 survey by Checkpoint Technologies indicated that nearly half of the businesses they contacted had experienced a loss of this type. The numbers are impressive: Most losses are between $25,000 and $100,000, but some are in excess of that.
The deception, said Bangs, may occur by phone or by email, and it may be someone impersonating a vendor, a client of the firm or even a senior executive of the company itself. The goal is the same, though: to dupe the company out of a sizable amount of money and then disappear.
“They’re convincing through various means,” said Bangs: “social media, online research, telephone conversations [to get information that is] designed to make them more believable.”
This kind of loss is not covered by standard crime policies. Bangs said crime insurance covers a “criminal act in which something has been taken from the company that has the crime insurance. […] As long as you can prove someone took it, [it's covered.] But with social engineering fraud scams, it’s not that someone has taken something, but that someone has voluntarily given it up because they’ve been tricked. That’s not covered” by standard policies.