Cyber [email] Risk reminder - unencrypted emails are dangerous
I wish to highlight a news item that was posted today following a warning from the Channel Islands Financial Ombudsman's update on "emerging issues"
A Fraud costs a Channel Islands bank £191,232.50 due to failure to identify a fraud involving an Authorised Push Payment (APP) instruction
CIFO's final decision was for the bank to reimburse Miss R for the lost funds of £150,000 (CIFO's statutory limit for a binding decision). CIFO made a non-binding recommendation for the bank to pay the remaining amount of the lost funds of £14,113 as well, plus interest on the total amount. The bank agreed to pay the recommended amount in addition to the statutory limit. Miss R received the £164,113, plus £27,121.50 in interest, totalling £191,232.50 in total compensation
This case study complaint relates to an authorised push payment (APP) fraud and the reluctance of the bank to compensate a customer's losses due to the fraud. And shows firms need to ensure staff are adequately trained in emerging fraud risks and trends
Read the case study here - https://www.comsuregroup.com/news/fraud-costs-a-channel-islands-bank-191-23250-in-compensation/
The mistake (and loss) highlighted in this case study would have been prevented if someone had called the investment company (call-back) to verify the new payment details. As noted in the case study
- Had the bank provided a warning about the risk of relying on payment instructions received by email, or noted the change in payment details that Miss R had provided, the fraud would likely have been identified, and the loss could have been prevented?
With the above expensive mistake in mind and as a reminder to everyone, please note the following easy to remember message:-
- Any unencrypted email with payment instructions (and or other sensitive instructions) should be treated with care and caution and a check (such as a call back) should be undertaken to ensure authenticity.
- Also do not forget to record on a file note you did the check, and who you did the check with, as it may be important in the future.
- Also, see points 1+4 below in the top tips reminder below.
Also do not forget you should apply these rules at home as well as at work, to be cyber safe.
Meet the team of industry experts behind ComsureFind out more
Keep up to date with the very latest news from ComsureFind out more
View our latest imagery from our news and workFind out more
Think we can help you and your business? Chat to us todayGet In Touch
As well as owning and publishing Comsure's copyrighted works, Comsure wishes to use the copyright-protected works of others. To do so, Comsure is applying for exemptions in the UK copyright law. There are certain very specific situations where Comsure is permitted to do so without seeking permission from the owner. These exemptions are in the copyright sections of the Copyright, Designs and Patents Act 1988 (as amended)[www.gov.UK/government/publications/copyright-acts-and-related-laws]. Many situations allow for Comsure to apply for exemptions. These include 1] Non-commercial research and private study, 2] Criticism, review and reporting of current events, 3] the copying of works in any medium as long as the use is to illustrate a point. 4] no posting is for commercial purposes [payment]. (for a full list of exemptions, please read here www.gov.uk/guidance/exceptions-to-copyright]. Concerning the exceptions, Comsure will acknowledge the work of the source author by providing a link to the source material. Comsure claims no ownership of non-Comsure content. The non-Comsure articles posted on the Comsure website are deemed important, relevant, and newsworthy to a Comsure audience (e.g. regulated financial services and professional firms [DNFSBs]). Comsure does not wish to take any credit for the publication, and the publication can be read in full in its original form if you click the articles link that always accompanies the news item. Also, Comsure does not seek any payment for highlighting these important articles. If you want any article removed, Comsure will automatically do so on a reasonable request if you email email@example.com.