3 years ago ·
by Joyce Insurance ·
Comments Off on COVID-19 Update: Reopening Joyce Insurance Group Offices
June 5, 2020
As Lackawanna, Luzerne, and Lehigh Counties move into the less-restrictive yellow phase of Governor Tom Wolf’s three-phase reopening plan, Joyce Insurance Group will open select offices to the public on Monday, June 8th.
Members of the community seeking in-person customer service can visit our Pittston and Old Forge locations. A protective mask must be worn before entry, and remain on at all times while in the building. We encourage all members of the public to follow CDC social distancing guidelines and sanitize your hands upon entry into our offices. Hand sanitizer will be available at all entry points. No more than two members of the public will be allowed within office areas at one time.
For curbside service, customers can visit our Nanticoke and Allentown locations. The Hazleton location will remain closed to the public until further notice.
For the safety and protection of the public and our employees, we have installed clear partitions in our reception areas and in-person meeting rooms. We are requiring all employees to wear protective face masks and to maintain CDC social distancing guidelines. All offices will be cleaned and disinfected daily as a protective safeguard for our employees and visitors.
If you have any questions or concerns, please call 570-655-2831. Wishing you and your family all the best, as we all look forward to a bright future. We’re here for you now and the road ahead.
3 years ago ·
by Joyce Insurance ·
Comments Off on Protecting Your Business From Social Engineering
Fraud and social engineering claims filed by policyholders have dramatically increased since the start of the COVID-19 pandemic. *Reported losses ranged from $25,000 to $1.3 million per event, with threat actors exploiting COVID-19 and changes in organizations’ operating procedures.
Please be aware that email is not a secure medium, and one should never rely upon financial instructions sent via email without additional verification. We highlight below some of the criminal tools, tactics, procedures (TTPs) we see in use, and our recommendations for keeping your organization safe:
- Invoice manipulation: criminal actors are sending phishing emails with malicious links and files to trick individuals into providing credentials to their business email accounts. Once an email account is compromised criminals search for and doctor any discovered invoices with fraudulent wire instructions. They then use the compromised account (or a look-alike domain) to send the manipulated invoices to third parties claiming that, due to COVID-19, check payments are no longer being accepted and that all payments should be made to the new (fraudulent) account. Depending on whether an organization is on the giving or receiving end, it can suffer a 1st party loss of any funds transferred or liability to 3rd parties who are socially engineered into wiring funds as a result of an organization’s security failure.
- Look-alike Domains: related to the above, criminal actors commonly register domain names that appear similar to an organization’s or its partners’ domain names. For example, instead of receiving an email from your vendor’s real address (e.g., firstname.lastname@example.org), the hacker sends it from email@example.com. Did you spot the difference? Very often, these emails contain intimate knowledge of company procedures by virtue of their access to a compromised email account. While it can be easier to spot typos in an organization’s own domain, it can be very difficult to do so for vendors and partners, and all can be potential vectors of compromise.
- Domain Spoofing: criminals are preying on organizations that have failed to set up SPF email security, allowing them to send emails from an organizations’ actual domain (i.e. email spoofing). While many mail clients are set up to detect this, many are not, allowing an attacker to impersonate anyone in an organization without ever compromising an account.
In order to avoid these common attacks, we recommend that you:
- Never rely on wiring instructions sent via email or in attachments. Whenever receiving a new instruction or a request to change an existing one, be sure to use a dual-control method to confirm the instruction (e.g., if you received it via email, make a phone call to a known good phone number to verify).
- Always verify with your bank that the name of the organization you are transferring funds to matches the name associated with the account number provided to you (if it’s fraudulent, it often won’t).
- Always use 2-factor authentication. That way, if someone in your organization is ever tricked into disclosing their credentials, the hacker will be missing the 2nd factor to gain account access.
- Configure SPF and DMARC records to avoid email address spoofing — there is no cost to do so.
- Consider using an anti-phishing solution, or configuring your email client to notify you when you are receiving an email from outside of your organization.
Just about any organization that uses technology to do business faces cyber risk. And as technology becomes more complex and sophisticated, so do the threats we face — which is why every business and organization needs to be prepared with both an effective cybersecurity plan, and a cyber liability insurance policy to manage and mitigate cyber risk. Take Your Free Cyber Liability Risk Assessment here.
Request A Complimentary Cyber Liability Risk Consultation