Facebook Pixel
Skip to content

Email spoofing and the value of fidelity guarantee insurance

email spoofing

In terms of the current Community Schemes Ombud Service (CSOS) Act all community schemes are required to have sufficient fidelity guarantee insurance. It is also prudent to include protection against incidents of cybercrime.

While many of us take great care and precaution when processing online financial transactions, how many of us exercise similar care in the processing of our e-mail correspondence?

Email spoofing

Email spoofing is one such method being used by cybercriminals where email messages are created with a forged sender address. In this situation, a person or program successfully masquerades as another by falsifying data to gain an illegitimate advantage. In other words, your email account is hacked or cloned by a cyber-criminal, allowing them to access and tamper with all incoming and outgoing emails.

Such an incident occurred when a large self-managed community scheme suffered a tremendous loss which did not constitute a valid insurance claim. This was despite having sufficient, CSOS-compliant fidelity cover with a leading specialist property insurer.

The scheme’s property management department received an email instruction from one of their key maintenance contractors informing them of a change of bank details. The email appeared legitimate and so the contractor’s details were amended accordingly. Shortly thereafter an invoice for a large amount was due for payment to this contractor. The management staff prepared the payment and the trustees dutifully signed it off. A few days later the contractor queried the apparent non-payment and so the disastrous error was discovered.

It was subsequently established that the property management department’s email account had been spoofed. The criminals had intercepted and tampered with a legitimate email from the contractors and the department had unknowingly played into their hands by simply handing over the funds.

More recently this type of ‘media-hijacking’ has extended to include other platforms such as WhatsApp too.

This article published by Camargue Underwriting Managers, ‘Mail spoofing, a cyber-threat induced by the victim’, explains the issue really well and includes some good examples of this type of cybercrime.

In light of such threats, we urge all property managers and others handling the finances to always double-check any transaction connected to finances. A simple phone call to confirm bank details can prevent a potential financial catastrophe. Better safe than sorry!

 

Author: Bruce Gibson

Addsure is a leading sectional title insurance broker. Get fit and proper advice from advisors who understand sectional title.

Engage with us by simply clicking HERE with your query or message.