It was a typical cyber-attack on a Small Medium Enterprise. The company was a victim of a ‘phishing’ scam; a fraud in which employees are tricked via telephone or email into giving away sensitive information such as banking details.
Someone in the finance team was phoned up and (the phisher) managed to elicit the user name and password for the online bank account and to transfer out £100,000 from it. The phisher was able to confirm the identity of the Bank Manager by name who was responsible for the client before the information was passed over, under the pretence that a fraud was about to happen, and they needed to freeze the bank accounts of the company.
One of the biggest sources of claims we see from Small Medium Enterprises is from telephone hacking through voice over the internet protocol (Voip). Many businesses leave their Voip configured to default settings, if that happens people can hack into your phones and make calls from your network. That is not covered in any standard insurance that you have, and your telephone or bank will not indemnify you against it because it is not their fault. MRIB had provided the client with Cyber Liability insurance and the full claim was settled at £100,000.