A Texas manufacturing firm is suing its cyber insurance provider for refusing to cover a $480,000 loss following an email scam that impersonated the firm’s chief executive.
At issue is a cyber insurance policy issued to Houston-based Ameriforge Group Inc. (doing business as “AFGlobal Corp.“) by Federal Insurance Co., a division of insurance giantChubb Group. AFGlobal maintains that the policy it held provided coverage for both computer fraud and funds transfer fraud, but that the insurer nevertheless denied a claim filed in May 2014 after scammers impersonating AFGlobal’s CEO convinced the company’s accountant to wire $480,000 to a bank in China.
read more – http://krebsonsecurity.com/2016/01/firm-sues-cyber-insurer-over-480k-loss/
DMARC is a great solution for preventing direct domain spoofing. When an email is sent by an unauthorized sender (whether it is sent by a malicious user, or even an unauthorized user of a department of the company that owns/operates the domain), DMARC can be used to detect the unauthorized activity and (if so configured) request that those messages be blocked or discarded when they are received.