FCPA Compliance Report-Episode 408, Brad Davis on Social Engineering for Data Protection
The hospitality industry faces mounting cybersecurity challenges as artificial intelligence (AI) enables increasingly sophisticated social engineering attacks targeting hotels, resorts, and travel service providers. Threat...more
The SafePay ransomware group has been active since fall 2024 and has increased its activity this spring and summer. According to NCC Group, SafePay hit the most victims of any threat actor in May 2025—it is linked to 248...more
The global cyber scam industry is a multi-billion dollar racket run by crime syndicates who often operate through massive compounds known as “scam farms” in far flung locations. On our shores, many businesses fall prey to...more
A threat actor group with ties to the Democratic People’s Republic of Korea (“North Korea”) called Contagious Interview is using front companies to spread malware through fake job interviews. This group has a history of...more
A recent court case has unveiled a new level of sophistication in attacks targeting high-net-worth cryptocurrency holders. In a meticulously orchestrated scheme, hackers managed to steal more than $40 million in bitcoin from...more
At this point, your IT department has almost certainly warned you to approach your e-mail inbox with skepticism--for good reason. Cybercriminals regularly and effectively impersonate our legitimate contacts for illegitimate...more
We have educated our readers about phishing, smishing, QRishing, and vishing scams, and now we’re warning you about what we have dubbed “snailing.” Yes, believe it or not, threat actors have gone retro and are using snail...more
Ask any chief information security officer (CISO), cyber underwriter or risk manager, or cybersecurity attorney about what controls are critical for protecting an organization’s information systems, you’ll likely find...more
Editor’s Note: This webcast brings together some of HaystackID’s top experts to dissect the intricacies of Business Email Compromise (BEC) attacks—a rapidly growing threat impacting organizations globally. During the...more
Most policyholders are aware of the danger of losses from fraudulent instructions and invoices accomplished through what is known as “social engineering” or related methods. Often this is carried out by an email claiming to...more
The United States District Court for the District of Minnesota, applying Minnesota law, has held that an insured’s loss resulting from the insured’s payment of fraudulent invoices received from a bad actor who hacked into the...more
On August 12, 2022, the U.S. District Court for the District of Minnesota dismissed a policyholder’s complaint seeking a declaration that $600,000 in social engineering fraud loss fell within a crime policy’s computer fraud...more
Applying North Carolina law, a federal district court has held that an E&O insurance policy does not provide coverage for loss arising from social engineering fraud despite the fact that the insured’s negligence also...more
Fast-spreading disinformation and the growing ease with which believable deepfake media can be created are threats that are poised to accelerate a range of business dangers, particularly those related to reputational risk,...more
The most significant coverage issue facing the fidelity industry today is the scope of causation. Whether a court applies a “direct means direct” or a tort-based proximate cause standard often is the deciding factor in...more
The Situation: Businesses are increasingly at risk of social engineering crimes, and often their commercial insurance policies do not provide the full protection that they expected. The Result: Three recent decisions...more
The Sixth Circuit recently entered a ruling in American Tooling Center, Inc. v. Travelers Casualty and Surety Co. of America, 2018 WL 3404708 (6th Cir. July 13, 2018), soundly rejecting a cyber carrier’s extremely narrow...more
Risk Management Question: How can lawyers identify and avoid increasingly common social engineering scams?...more
In this month's edition of our Privacy & Cybersecurity Update, we discuss the Article 29 Data Protection Working Party's critique of the Privacy Shield and the Sixth Circuit's decision to consider the issue of computer fraud...more