Insurance Forensics III

"CarsofFortLangley - Oppo Forever" (carsoffortlangley)
04/24/2020 at 11:37 • Filed to: None

Since people seem somewhat interested in things I do and with all this “folding at home” computer talk, I thought I would share another aspect of insurance most people don’t consider.

As mentioned before, at times I engage with and work directly with Forensics of one type or another. My tw o prior posts (see bottom of post) were about physical forensic data. But what about digital or quasi-physical stuff?

One such matter I am currently dealing with is a large theft that took place via wire transfer. Often, due to the complexities and different geographic locations involved, the police are not involved in these matters.

Either a hacker or Nibby

What appears to have occurred is that through Spear-Phishing (targeted) or regular Phishing (broad-scale attacks) an email account at a company (our client’s supplier) was compromised. A malicious attacker then used a legitimate email account to send out falsified wire transfer information to purchasers and presto….easy money.

I basically act as a consultant on this type of matter and work with some of my existing contacts to retain a Digital Forensics Specialist to…..do what they do and determine the source/cause and possible identity of the malicious actors as well as any compromised data/accounts that may still exist.

The biggest users of Digital Forensics are actually HR deparments. They hire these guys to look at possible data exfiltration (unauthorized transfer of data outside a company network), internet policy violations and Intellectual Property theft. This is actually an insurance related aspect as it helps support “with cause” terminations and defend against wrongful termination lawsuits which, under certain policies is a covered claim.

Cyber Insurance and, by extension, cyber claims are a growing field and risk to nearly every company and private citizen. It’s still a relatively new thing and, to be honest, not as engaging as some of the physical forensic work I’ve posted about before.

Still, cool stuff.

Insurance Forensics I

Insurance Forensics II

DISCUSSION (13)

Highlander-Datsuns are Forever > CarsofFortLangley - Oppo Forever
04/24/2020 at 11:56

This is a good time to remember why bankers are not working at home, could you imagine the data breach issues?

CarsofFortLangley - Oppo Forever > Highlander-Datsuns are Forever
04/24/2020 at 11:59

Yeah. We’ve discussed and written a lot about that in my office. Regardless, there is an unprecedented amount of info flowing over home wifi networks right now.

Scary/interesting times

Thisismydisplayname > CarsofFortLangley - Oppo Forever
04/24/2020 at 12:01

This stuff sounds interesting too. Especially the file transfer stuff. I’ve always wondered how much info could be traced and tracked. As in, I have forms and IP that has been made at the current company, but if I were to copy those files off to a local hard drive and take that with me to a new company would it be traceable? I assume there are tags in the files that could be matched up if one had the original and the copied file, but assuming you never had the hard drive it was copied to, is there a trail to follow to know if this has happened or not?

Asking for a friend and all that ;).

But seriously, I can see this as a big issue. Companies spend lots of time and in turn money to produce IP and then it could just be copy pasted over to some other company to use.

CarsofFortLangley - Oppo Forever > Thisismydisplayname
04/24/2020 at 12:13

The company would have a record of what file left the computer and how.

Ive worked at places where you had to have approval from the head of IT to even plug in a USB. Removing/adding files was logged and sent to security

For Sweden > CarsofFortLangley - Oppo Forever
04/24/2020 at 12:22

I refuse to trust any insurance company that will sell casualty insurance to a physician that owns a Bonanza.

DipodomysDeserti > CarsofFortLangley - Oppo Forever
04/24/2020 at 12:35

“Often, due to the complexities and different geographic locations involved, the police are not involved in these matters.”

That, and the tax man might find something out.

CarsofFortLangley - Oppo Forever > DipodomysDeserti
04/24/2020 at 12:39

Nah, it's just an ordinary order from a supplier.

Tripper > CarsofFortLangley - Oppo Forever
04/24/2020 at 12:52

I had to hold a meeting explaining Spear-Phishing in detail after our AP person tried to wire 30k to someone who spoofed our CEO...

They still didn’t get it...So myself, my desktop support analyst and a coupl e of my buddies (with our CEO’s permission) lead a $100 spear phishing attack on all of the people we thought would take the bait. They all did, then we had another meeting... Which was really funny.

jeepoftheseus > CarsofFortLangley - Oppo Forever
04/24/2020 at 13:24

Thanks for sharing! I’m on the agency side of the industry so it’s fascinating to hear the claim investigation side that you’re in. I’m commercial P&C so the claims that you describe, especially this one , are very real threats to my clients.

DipodomysDeserti > CarsofFortLangley - Oppo Forever
04/24/2020 at 13:25

My old business neighbors were a building maintenance supply company. I’m 90% sure they were drug traff ick ers.

Insurance must be a whole lot different in Canada, as most policies here aren’t covering shit for theft unless there’s a police report. I would think you’d be putting yourself at risk liability wise if you end up helping people launder money.

From what I understand your AO has turned into a bit of a laundromat for sketch money.

CarsofFortLangley - Oppo Forever > jeepoftheseus
04/24/2020 at 13:27

I'm actually in the commercial agency side as well. I'm basically employed to work with our brokers/agents and clients to ensure things flow smoothly

jeepoftheseus > CarsofFortLangley - Oppo Forever
04/24/2020 at 13:39

Oh my mistake , I thought you were on the carrier side. That’s awesome though! I would imagine that it is pretty interesting being more claims focused and it’s always fun to find the coverage that the adjuster/carrier says is not there. Frustrating, but fun.

Thisismydisplayname > CarsofFortLangley - Oppo Forever
04/26/2020 at 00:16

Wow, that’s a bit creepy, but understandable. I always assume my company can see anything I do in my company computer if they really wanted to. I guess I wasn’t too far off.