This webinar provided a comprehensive look into the evolving landscape of cyber fraud, with a focus on deepfakes, vendor fraud, social engineering and the critical role of insurance and incident response. The panelists shared real-world case studies, discussed emerging threats and offered actionable takeaways for organizations to strengthen their defenses and response strategies.

View the Recording

Passcode: Cybernov2025!

Deepfakes & Executive Impersonation

• Deepfakes: AI-generated video or audio used to impersonate stakeholders, often targeting executives, are significantly growing in frequency and severity.
• Case Study: A nonprofit’s CFO was tricked into sending a seven-figure wire transfer after receiving a deepfake video call from someone posing as the CEO.
• Key Red Flags:
  • Urgent, unexpected requests
  • Mentions of confidentiality or secrecy
  • Communications outside normal cadence or channels (e.g., After work hours, WhatsApp, Slack)
  • Use of new bank accounts for familiar vendors
  • Requests for international payments

Emerging Fraud Trends

• Business Email Compromise (BEC): Still common, now enhanced by AI.
• Payroll Redirection: Especially prevalent in industries with non-corporate email use.
• Job Sharing Fraud: Unauthorized individuals performing work under legitimate hires.
• Sanctioned Entity Employment: Employees with ties to sanctioned countries remitting pay abroad.
• Vendor Fraud: Compromised vendor emails used to send fraudulent invoice change requests.

Insurance Coverage & Gaps

• Overlap Between Cyber & Crime Policies:
  • Theft of money typically falls under crime; data breaches fall under cyber.
  • Social engineering fraud may be covered under either, depending on policy terms.
• Verification Clauses:
  • Some policies require documented verification steps to trigger coverage. Failure to follow these steps can result in denied claims.
• Coverage Limits:
  • Social engineering coverage often contains sublimits (e.g., $250K).
  • Excess coverage is available and increasingly recommended.

Vendor Payment Fraud

• Common Scenario: Fraudulent change requests sent from compromised vendor accounts.
• Mitigation Strategies:
  • Dual controls for onboarding and change requests
  • Verification of email domains
  • Automated Enterprise Resource Planning (ERP) systems with secondary approval routing

Timing & Recovery of Fraudulent Transfers

• Critical Window: The first 24–48 hours after a transfer are key for potential recovery.
• Action Steps:
  • Immediately notify your bank.
  • Execute hold harmless agreements.
  • Engage law enforcement (Secret Service, FBI).
  • Work with incident response counsel for specialized reporting channels.

Law Enforcement Coordination

Engaging law enforcement early is essential for increasing the chances of recovering fraudulent wire transfers.

• Prioritize speed: The faster law enforcement is involved, the better the odds of recovering lost funds.
• Identify contacts: Organizations should proactively identify their local Secret Service office and establish relationships before an incident occurs.
• Engage incident response counsel: Legal teams often have access to private reporting channels not available to the general public, streamlining communication with federal agencies.
• Involve Secret Service: While banks may exhaust their recovery efforts, the Secret Service continues to trace and recover funds, sometimes months or years after the incident.
  • Success Story: The Secret Service recovered $1.2M nearly a year after a fraudulent transfer.

Learn more about how law enforcement collaborates with the private sector to combat cybercrime in our recent blog post, featuring insights from the U.S. Secret Service.

Key Takeaways

• Establish documented verification procedures.
• Review insurance coverage and limits regularly.
• Build relationships with your bank, insurance broker and law enforcement.
• Include fraud response protocols in your incident response plan.
• Prioritize speed and preparedness to maximize recovery potential.