Businesses cannot rely solely on cyber insurance policies to protect themselves and their clients from certain cybercrimes. In a recent case, Chubb Insurance refused to cover a cyber security loss of $480,000 despite the fact that Chubb had insured the victimized company for computer funds transfer fraud.
The case involved a cyber insurance policy issued to Houston-based Ameriforge Group Inc. (AFGlobal Corp.) by a division of Chubb Group. Criminals impersonating AFGlobal’s CEO convinced the company’s accountant to wire $480,000 to a bank in China. When the fraud was discovered, investigators learned that the foreign bank account had already been emptied and closed. Source
As it turns out, cyber insurance policies such as the one held by Ameriforge Group may cover forgery of financial instruments (such as checks or drafts), but insurers may not recognize informal email correspondence containing financial instructions or wire information as qualifying financial instruments. Sending financial instructions encrypted in Registered Email™ messages may add sufficient formality to trigger cyber insurance coverage.
Fund transfer fraud often involves emails that appear to come from a company employee -- in this case, the CEO. The fact that the email has the weight of the CEO’s authority makes this particular tactic effective, as it is difficult to verify an email’s authenticity unless the sender uses a sender authentication service such as the Digital Seal® sender authentication feature included in the RMail service.
In the Chubb case, it is noted that the fraudster seemed familiar with the nature of the longstanding and trusting relationship between the accountant and the CEO, suggesting that the fraudster may have had access to emails between the two. These “fake CEO email” tactics often include email correspondence written with context, vocabulary and style matching the CEO’s normal email interactions. As always, using the RMail email encryption service when corresponding about sensitive transactions is an important preventative measure.
In this case, the fake CEO email to the accounting director Glen Wurm allegedly said: “Glen, I have assigned you to manage file T521. This is a strictly confidential financial operation, to which takes priority over other tasks. Have you already been contacted by Steven Shapiro (attorney from KPMG)? This is very sensitive, so please only communicate with me through this email, in order for us not to infringe SEC regulations. Please do no speak with anyone by email or phone regarding this. Regards, Gean Stalcup.” Wire instructions followed in a subsequent email with a request to transfer $480,000 for due diligence costs associated with a purported acquisition.
Friday, February 10, 2017 at 6:28AM 
A recent article in Naked Security how gentleman's pacemaker information may help to convict him of setting a fire in his own home. It shows how so much of our lives now is being recorded by different types of devices and in so many different locations that it is hard to stay off of the grid. With this being said, it makes you wonder how people think that they can get away with illegal acts. Remember, Big Brother is watching!
this article from healthcare info security discusses what to look for and helps prevent your organization from being fooled into sending out money to perpetrators of this type of phishing attack. 
It is great to have all the information and entertainment that you want right at your fingertips on any device that you pick up and at the location that you currently are at. Is this plausible? Of course it is!
