The Dovetail: Claims Trend – Malicious Misdirection of Payment Scams

By Ray Rogers, AINS – Senior Claims Examiner

Over the past several years, we have seen an increase in claims involving misdirection of payment. These scams are deceptively simple. A cybercriminal clones the email address of an insured’s vendor, then uses that clone to send the business their usual invoice – but with one significant change: the routing number. The insured pays the invoice, thinking they are settled up with that vendor.

However, the money goes directly into the cybercriminal’s account, with predictable results. The vendor thinks the business is past due, and the business has to pay the invoice twice.

In addition, we have also seen a couple of cases where the cybercriminal cloned the email of a Chief Financial Officer. Using that clone, the cybercriminal sent emails to the CFO’s company to pay fake invoices, which appear to come from a legitimate company with which the company does business. As in the scenario described above, the notable difference was the routing number.

These criminals exploit a basic aspect of healthy business relationships: trust. The vendor trusts the customer to pay their bills on time and the customer to have their invoice payments issued without question.

Many of the misdirection of payment claims we have seen originate in China or Hong Kong. That may be the origin, or the first of many bank accounts the money runs through before reaching its intended place.

There is currently not any coverage for these types of losses under our insurance policies. But we can offer insureds recommended procedures that can help them prevent this from occurring at their businesses. Here are four recommendations that you can share with your clients.

  • If a vendor’s routing number changes from one invoice to another, call the vendor to verbally confirm the change. It is important to call rather than email in case the vendor’s email has been compromised.
  • Set up a process that works for you and your vendor for confirmation of any changes involving payments before any invoices are issued. If you receive an invoice with a different routing number but the vendor did not follow the agreed upon process, you can wait to make the payment and follow the above confirmation procedure.
  • To safeguard against misdirection scams involving senior executives, establish with your bank a procedure for approving large payments. Any payment over a certain dollar amount must be approved by the CFO or another leader with financial authority. Often, the bank calls their cell phone before releasing the payment.
  • If you suspect a misdirection scam, alert the vendor being impersonated that their email system has been compromised. This helps them take necessary steps to decrease the odds of it happening again.

If there is one trend we can depend on, it is — unfortunately — cybercrime. Whether criminals use misdirection or another method to steal from and scam insureds, this problem makes it imperative for all insurance professionals to help their clients protect their digital systems and resources. Being proactive is an insured’s best defense.

PLM