RISK MANAGEMENT Real estate transactions are a target for sophisticated fraud scams and when those frauds succeed, brokerages in turn are often potential targets for litigation. According to the findings in Cyber and Fidelity Insurance Report for Real Estate Brokers, a study commissioned by the National Association of REALTORS®, three different types of insurance coverages may be needed to protect the brokerage from these threats: • Errors and omissions; • Cyber insurance; and • Crime coverage. EXPOSURE ANALYSIS There are various lines of coverage available in response to a fraud scheme. In the typical scheme, a party to the transaction receives fraudulent information from a fraudster impersonating another participant in the transaction such as the seller. The party may then provide the incorrect instruction to a third party, bank or lawyer, who uses the information to direct the payment to the fraudster’s banks account, which leads to a loss. The real estate professional typically does not incur a loss themselves from the fraud scheme. However, they may be involved in the suit for the loss sustained. If it is found that the salesperson was negligent because the fraudster breached the brokerage’s computer network to gather intelligence about the transaction, an E&O policy should provide a defense to the salesperson and the brokerage. However, the lost funds will not be covered by the brokerage’s E&O insurance because the salesperson was not the party making the fund transfer. COVERAGE DISCUSSION Businesses are facing an endless stream of attempted and often successful deceptive funds transfers. Although most people instinctively consider these to be cyber losses, they have not to date been uniformly covered by most cyber insurance policies or crime policies. There are at least seven potential scenarios for deceptive funds transfers, three of which fall under the special heading of “social engineering” due to the fraudster’s manipulation of unsuspecting humans into performing acts or divulging confidential information. The social engineering coverage that insurance companies are currently providing only covers a loss where the financial loss has been sustained by the entity making the payment based on the fraudulent information. Coverage for losses stemming from social engineering scenarios is currently a particular industry challenge. Cyber Security Insurance solutions for covering loss and liability stemming from cyber scams THE DEADLY SEVEN There are at least seven variations of potential scenarios for deceptive fund transfers: 1. The transfer is effected entirely by a hacker independently penetrating a computer system or a user's personal device like a smart phone, and making the transfer 2. The hack and transfer are enabled by employee negligence 3. The fraudster convinces an employee to reveal credentials, enters the network by using them, and then transfers funds 4. The fraudster gets an employee to open an attachment or click on a link, thereby allowing the network to be penetrated, and allowing the transfer of funds 5. The fraudster, through emails or telephone calls or both, posing as a company’s executives, vendors or customers, convinces an employee to transfer funds; 6. An employee enters data believed to be accurate, but which in fact is fraudulent; and 7. A rogue employee makes an improper transfer or enters fraudulent data. Scenarios 3, 4 and 5 are variant methods of social engineering. 20 Orlando REALTOR® September / October 2017
20509OR
To see the actual publication please follow the link above