Early in April, a financial advisor and her team met with an insurance company wholesaler via, as per the current coronavirus quarantine, the video conferencing platform Zoom.
Unbeknownst to them, another participant had joined the virtual meeting.
As the hacker captured details, the wholesaler named the price of a new policy and the advisor agreed to the terms.
It’s likely that even before the meeting ended the eavesdropper generated an email to the advisor so that it appeared to come from the insurer. In a later forensic analysis, an overlooked detail revealed the spoof: a single letter the hacker changed in the insurance company’s name.
After the meeting ended, the advisor received the message with instructions to wire money — in the low six figures — to a New York bank account. She did as instructed, sending the money to the hacker.
“This is how fast the bad actors are,” says Brian Edelman, cyber consultant and founder of FCI in Bloomfield, New Jersey, who the insurer brought in to handle the breach. (He agreed to provide only general details as he is legally constrained from discussing client cases.) Only rapid intervention by the FBI managed to recover the money,…
