Lockton has seen multiple clients targeted by highly sophisticated social engineering fraud linked to merger and acquisition activity. These incidents are recent, and have had significant impacts.
Even large organisations with strong internal controls have fallen victim to impersonation theft involving the following features:
C‑suite directors were contacted by fraudsters posing as individuals connected to their investors, requesting support on a confidential M&A transaction involving multi‑jurisdictional deals.
Well‑known law firms were impersonated, including the creation of WhatsApp “project groups” asking our insureds sign NDAs to reinforce credibility for the “deal”.
Fake portals were established in the name of the law firm to exchange documents.
Mobile numbers were set up across multiple jurisdictions making calls and messages, which originated from different countries, appear genuine.
Multiple payments were made to fraudulent bank accounts over a 2–3 week period, rather than a single transaction.
These cases spanned the US, Europe and Asia, adding complexity and reducing the opportunity to detect the fraud early.
Once funds were transferred, recovery proved almost impossible, leaving our clients with significant lost funds.
We recommend that all clients review their existing financial controls and ensure that their employees are aware of how these frauds can be perpetrated.
How we can help
This has driven some of our existing clients to question whether they are purchasing sufficient Crime insurance coverage and in particular adequate social engineering fraud limits. To address this exposure, which is not new but seems to be growing in frequency, Lockton has developed a Crime Insurance solution that provides full policy limits for social engineering coverage that works on an ‘all-risks’ basis.
Please contact a member of our team if you would like to discuss options for Crime insurance cover.