Invoice Manipulation occurs when fraudulent payment instructions are sent to a third party as a direct result of a security or a data breach. To catch these incidents, organizations have to scrupulously monitor their transactions, which is a major investment of both time and resources. Even organizations with extensive supervision could fall victim to this kind of attack.

How Does Invoice Manipulation Happen?

Often, hackers find their way into an insured’s account by phishing (using fake emails or promotions to get employees to click on malicious links). Once they break into an insured’s system, they quietly change the payment instructions on an invoice sent to a client. Given that the instructions seem legitimate, the client unknowingly starts sending payments to a fraudulent account.

Hackers have become extremely talented at making their communications look authentic. Furthermore, once the payment goes through, the hacker often erases all proof of correspondence to make it a lot harder to track their activities. Organizations often only detect the incident when they follow up on missed payments, weeks or months later. By that time, it is often too late to recover the funds.

Businesses of all sizes and industries are being targeted by these types of attackers. However, the most concerning issue is that most insureds don’t have any applicable insurance coverage. As such, they find that they are taking unexpected losses as their claims get denied.

Insureds should be strongly encouraged to implement policies and procedures to prevent these incidents from happening. For example, they can require their customers to send confirmation messages for all electronic transactions -- that way, they can catch transactions that fail to arrive.

Common Misconceptions About Invoice Manipulation

Both brokers and insureds often assume (incorrectly) that Invoice Manipulation would be covered by social engineering clauses in their business insurance policy. Invoice manipulation is often not considered the same as social engineering as contemplated by standard business insurance policies, given it involves a technical breach of the insured’s systems.

Insureds are often curious why the payee’s insurance carrier doesn’t cover the cost. The reason is that invoice manipulation is the result of a security breach on the side sending the invoice. As such, the payee does not bear responsibility, given that liability should remain with the breached party. If a party gets breached, it’s on the hook for the consequences.

Finally, one more misconception is that invoice manipulation would potentially be covered by a crime policy. However, this is incorrect given crime policies only cover crimes committed by employees. Given the crime was not committed by an employee, but by an outsider, the policy would not trigger coverage.

Example Claims Scenarios

Email breaches: Hackers illegally gain entry into the insured’s email system and take over a billing department’s email account. They fire off a set of invoices to customers with fraudulent payment details. When the customers make their payments, they send funds to the hackers’ accounts. Eventually, the insured’s receivables team follows up on the “missing payments” and discovers the fraudulent payment instructions. The insured is now on the hook to track down and hopefully recover the funds. In the event they fail, invoice manipulation coverage would trigger after the retention (deductible) to cover the remainder of the loss.

Accounting software breaches: Hackers breach a company’s cloud-based accounting system. They adjust payment instructions such that checks get sent to a different physical address. Given most payments are made online, it takes the receivables team weeks to notice the missing checks. After following up with their customers they realize checks were mailed to a non-corporate address. The insured is now on the hook to get the customers to cancel undeposited checks and/or recover funds. If they fail, invoice manipulation coverage would trigger after the retention (deductible) to cover the remainder of the loss.

Have any questions? Email us at support@getcyber.com. Otherwise, if you’re ready get some quotes click here to get started.