Email spoofing and the value of fidelity guarantee insurance

email spoofing

In terms of the current Community Schemes Ombud Service (CSOS) Act all community schemes are required to have sufficient fidelity guarantee insurance, including protection against incidents of cyber crime. While many of us take great care and precaution when processing online financial transactions, how many of us exercise similar care in the processing of our e-mail correspondence?

Email spoofing

Email spoofing is one such method being used by cyber criminals where email messages are created with a forged sender address. In this situation a person or program successfully masquerades as another by falsifying data to gain an illegitimate advantage. In other words, your email account is hacked or cloned by a cyber-criminal, allowing them to access and tamper with all incoming and outgoing emails.

In a recent incident, a large self-managed community scheme suffered a tremendous loss which did not constitute a valid insurance claim. This was despite having sufficient, CSOS compliant fidelity cover with a leading specialist property insurer.

The scheme’s property management department received an email instruction from one of their key maintenance contractors informing them of a change of bank details. The email appeared legitimate and so the contractor’s details were amended accordingly. Shortly thereafter an invoice for a large amount was due for payment to this contractor. The management staff prepared the payment and the trustees dutifully signed it off. A few days later the contractor queried the apparent non-payment and so the disastrous error was discovered.

It was subsequently established that the property management departments email account had been spoofed. The criminals had intercepted and tampered with a legitimate email from the contractors and the department had unknowingly played into their hands by simply handing over the funds.

This article published by Camargue Underwriting Managers, ‘Mail spoofing, a cyber-threat induced by the victim’, explains the issue really well and includes some good examples of this type of cyber-crime.

In the light of such threats we urge all property managers and others handling the finances to never hesitate to double-check any transaction connected to finances. Better be safe than sorry!

Author: Bruce Gibson

Addsure is South Africa’s leading sectional title insurance brokerage. Obtain fit and proper advice from advisors who understand sectional title. Contact us our head office, Cape Town (021) 551 5069 who will put you directly in touch with one of our nationwide advisors.