News

Cyber [email] Risk reminder - unencrypted emails are dangerous

03/11/2020

I wish to highlight a news item that was posted today following a warning from the Channel Islands Financial Ombudsman's update on "emerging issues"

A Fraud costs a Channel Islands bank £191,232.50 due to failure to identify a fraud involving an Authorised Push Payment (APP) instruction

CIFO's final decision was for the bank to reimburse Miss R for the lost funds of £150,000 (CIFO's statutory limit for a binding decision). CIFO made a non-binding recommendation for the bank to pay the remaining amount of the lost funds of £14,113 as well, plus interest on the total amount. The bank agreed to pay the recommended amount in addition to the statutory limit. Miss R received the £164,113, plus £27,121.50 in interest, totalling £191,232.50 in total compensation

This case study complaint relates to an authorised push payment (APP) fraud and the reluctance of the bank to compensate a customer's losses due to the fraud. And shows firms need to ensure staff are adequately trained in emerging fraud risks and trends

Read the case study here - https://www.comsuregroup.com/news/fraud-costs-a-channel-islands-bank-191-23250-in-compensation/

The mistake (and loss) highlighted in this case study would have been prevented if someone had called the investment company (call-back) to verify the new payment details. As noted in the case study

  • Had the bank provided a warning about the risk of relying on payment instructions received by email, or noted the change in payment details that Miss R had provided, the fraud would likely have been identified, and the loss could have been prevented?

With the above expensive mistake in mind and as a reminder to everyone, please note the following easy to remember message:-

  • Any unencrypted email with payment instructions (and or other sensitive instructions) should be treated with care and caution and a check (such as a call back) should be undertaken to ensure authenticity.
  • Also do not forget to record on a file note you did the check, and who you did the check with, as it may be important in the future.
  • Also, see points 1+4 below in the top tips reminder below.

Also do not forget you should apply these rules at home as well as at work, to be cyber safe.