Funds transfer fraud reach all-time high: Corvus

Fraudulent funds transfer (FFT) made up 36% of Corvus Insurance’s cyber claims in the third quarter of 2023 - a new record high that should give the industry cause for concern.

This is a sharp increase from the long-term of FTT accounting for 28% of all cyber claims in Corvus’s book of business.

FFT is defined as an attack in which threat actors use social engineering tactics to trick employees or vendors into transferring funds to the wrong accounts. 

The rise in FTT is related to the rise in business email compromise, which is now the preferred method of hackers using FFT. It relies on employees giving up their account credentials to threat actors, which then gain access to employees’ inboxes

FTT and ransomware now make up over 50% of all claims combined in Corvus’s book. Ransomware tended to be the more expensive loss per claim ($256,000 on average), at nearly three times the average of an FFT claim ($90,000 on average).

“Global cybercrime is growing more complex by the day, presenting security leaders with new challenges. With the power of security insights and dynamic claims data feeding Corvus’s technologies, we can help our policyholders improve their cybersecurity posture by informing them of emerging threats and best practices,” said Jason Rebholz, chief information security officer at Corvus Insurance. 

“While ransomware continues to be a dominant risk, we are seeing tactics change, including the rise of other forms of extortion as well as funds transfer fraud,” Rebholz added. “The findings from our report serve as a reminder to all security leaders that cybersecurity is fluid and attackers will shift their methods, even revisiting old tactics, so long as they continue to reap financial benefits.”