We’ve seen such attacks. They’re tricky, are often made possible by poor cyber hygiene, and require attention to detail from employees as a final defense (“Boss, are we really supposed to send this wire transfer to a bank in China?”).
As Beazley defines it: “Fraudulent Instruction is the transfer of funds by an employee, outside of an organization to a third party, as a result of deceptive information provided by a criminal purporting to be someone else, typically a vendor, client or authorized employee.”
“The data reveals that professional service firms experienced more fraudulent instruction and almost as many business email compromise incidents so far in 2022 as in the whole of 2021. Claims caused by fraudulent instruction are on the rise this year despite an overall decline in incidents.
“In contrast, system infiltration overall is down in 2022, due to a combination of factors including better risk selection, improved security practices, and threat actor attention being focused elsewhere.”
Source: Beazley’s latest Cyber Services Snapshot research reveals