Skip to main content

Cyber Insurance

FBI Warning: Email Rule Glitch Leading to Uptick in BEC Attacks

Prevent Email Fraud

Cyber criminals are exploiting an email forwarding rule vulnerability to send and receive emails on behalf of unknowing employees.

An Overview of Business Email Compromise (BEC) Attacks

Here’s how hackers operate in the shadows of your email account.

Business Email Compromise attacks… a hacker gains access to your work email account, and sends/receives emails pretending to be you. So how do they get in, what kinds of emails do they send, and how do they remain unnoticed?

Breaking into a business email account is easier than most employees realize. Billions of log-in credentials are already available for purchase on the dark web, so it’s often as simple as buying a bundle of credentials, and trying them all one-by-one. That is one of the main reasons it’s so important to change your passwords regularly and to not use the same passwords for multiple accounts. Keep in mind, if a hacker purchases your Facebook/Instagram log-in credentials, they often try using that same password to access your email and/or bank accounts.

Once inside your business email account, hackers first search your history for email threads containing words like “bank”, “invoice”, “wire”, or “payment.” Typically, they want to find payments/invoices that occur at the same time each month, or open invoices which have not yet been paid. The criminals then email those individuals saying something to this effect:

“Hi Patricia,

Just wanted to send a note regarding this month’s invoice. We were having some issues with our bank, so we decided to move all of our accounts to a new bank. For this month and all future transfers, please send funds to Account #123456789, Routing #987654321.

Thanks, and hope to see you in person once all of this COVID craziness is over!


Steve the CFO”

But wait, couldn’t you just go into your sent messages and see the shady emails in your history? And if the recipient (in this case, Patricia) responds, wouldn’t you see that message come through your inbox? No you would not, thanks to the power of auto-forwarding rules. Hackers can set rules to automatically forward messages to their own inbox, and automatically delete all messages from your sent folder and they can do the same with your inbox, auto-deleting messages received from their targets, or by sending emails where the “reply” address is different than the “from” address.

Related: Read the FBI’s Official Warning

How do I know if my account has been compromised?

You could usually just check your auto-forwarding rules to make sure there is no funny business going on, but hackers recently found a massive loophole in some email providers. Here’s the trick: rules set up on the web-based version of an email account do not automatically sync to the desktop app version, enabling criminals to hide in the background until settings are manually synced. While some IT departments scan for these types of discrepancies and sync web and desktop versions daily, some do not. In this case, the rules would likely go unnoticed until the next manual sync.

Here are the FBI’s official risk mitigation recommendations:

  • Ensure both the desktop and web applications are running the same version to allow appropriate syncing and updates.
  • Be wary of last minute changes in established email account addresses.
  • Carefully check email addresses for slight changes that can make fraudulent addresses appear legitimate and resemble actual clients’ names.
  • Enable multi-factor authentication for all email accounts.
  • Prohibit automatic forwarding of email to external addresses.
  • Frequently monitor the Email Exchange server for changes in configuration and custom rules for specific accounts.Create a rule to flag email communications where the “reply” email address differs from the “from” email address.
  • Add an email banner to messages coming from outside your organization.
  • Consider the necessity of legacy email protocols, such as POP, IMAP, and SMTP, that can be used to circumvent multi-factor authentication.
  • Ensure changes to mailbox login and settings are logged and retained for at least 90 days.
  • Enable security features that block malicious email, such as anti-phishing and anti-spoofing policies.

Are BEC attacks covered by cyber insurance?

Yes. Here’s how.

Evolve’s cyber insurance policy covers both 1st party and 3rd party bank accounts. If the Insured suffers a BEC attack and the hackers successfully trick one of the Insured’s vendors to wire money to a fraudulent bank account, Evolve would cover the losses of the vendor in aggregate up to the policy limit.

If the vendor were the one whose email account is hacked, and the criminals convince an Evolve Insured to wire money to a fraudulent account, then the Insured would be covered on an each and every claim basis up to the policy limit.

Vertafore Data Breach: Personal Info of 27 Million Texans Exposed

Risk management | cyber security tools

Insurance SaaS giant Vertafore exposed 27.7M names, driver license numbers, dates of birth, addresses, and vehicle registration histories.

Vertafore Says Human Error to Blame

Three massive data sets were inadvertently stored on an unsecured server.

This incident happened due to human error, as an individual accidentally loaded three large Vertaforce data files onto an unsecured external storage service. Sometime between March 11 and August 1, an unauthorized 3rd party accessed the files on the unsecured server.

According to an internal source at Vertaforce, the three files contained information on driver’s licenses issued before February 2019, which the company was using for its insurance rating software solution.

In a bit of positive news, no social security numbers or banking information were accessed, and there is no evidence so far that the leaked information has been leveraged on the dark web to launch further hack attacks.

Related: 5 Common Accidental Sources of Data Leaks

How is Vertafore responding to the breach?

Vertafore said it has already notified relevant authorities about the nature of the breach, including the Texas Attorney General, the Texas Department of Public Safety, the Texas Department of Motor Vehicles, and federal law enforcement. The company is now also notifying Texas drivers whose data was exposed in the breach.

“To be considerate of all Texas driver license recipients and out of an abundance of caution, Vertafore is offering them one year of free credit monitoring and identity restoration services in recognition that these services offer valuable protection in other contexts beyond this event,” the company said.

This is not the only recent driver’s license-based hack. In September, personal information of thousands of New South Wales driver’s license holders was exposed after more than 100,000 images were left in an unsecured Amazon Web Services cloud storage folder.

Would this attack be covered by cyber insurance?

Yes. Here’s how.

Evolve’s cyber insurance policy covers  “Unauthorized Access” or an “Accidental Disclosure” of information resulting in a privacy breach due to a cyber event (aka hack attack). The main costs associated with unsecured server breaches are listed below.

First Party Coverage: 

  • IT Security and Forensic Costs ($500/hr)
  • Crisis Communication Costs ($500/hr)
  • 1st & 3rd Party Privacy Breach Management Costs ($1 – $3 per individual);
    • Credit Monitoring
    • ID Restoration & Theft Services
    • Call Center Damage Control

3rd Party Coverage:

  • Network Security Liability (Lawsuit Allegation)
  • Privacy Liability (Lawsuit Allegation)
  • Regulatory Fines & Penalties (Lawsuit Allegation)

Cyber Insurance Companies Tested by Ransomware & Pandemic

Cyber Insurance Company Owner Mike Costello

Dramatic spike in ransomware leading to long-anticipated hardening cyber market.

The Cyber Market is Finally Hardening

Cyber Insurance Companies Interviewed by Rough Notes

Cyber insurance companies recently sat down with Rough Notes, the oldest historical insurance industry publication, to discuss the state of the “hardening” cyber insurance market. The shift from in-office to remote work environments has lead to a barrage of attacks from foreign hackers, and in turn, increased losses for carriers. Cyber insurance companies on average are hardening their rates by 10% – 15%. “There was 10 years of change in 10 weeks in terms of the way people do business,” says Anita Byer, president of Setnor Byer Insurance & Risk Byer.

According to Distinguished Programs underwriter Chris Larson, “The nature of claims is not changing because of the pandemic, there is just more frequency of losses.” This spike can be attributed to the weakness of employee’s home network security versus the strength of in-office networks.” 

Ransomware is getting out of control in 2020, cyber companies report.

Security Magazine reports a 667% increase in phishing attacks & CoveWare reports the average ransom demand increase to $111,605. To protect your business, please reference the following FTC & FBI ransomware warnings.

While it remains easy to place coverage for small-mid sized businesses, the market is beginning to harden. Business and brokers alike should prepare for an increase in premiums across the board, even for companies with a spotless record when it comes to cybersecurity and hack attacks.

Related: BCP Tech Reports Hackers Targeting U.S. Hospitals with Ransomware

Evolve’s Position

Michael Costello was recently featured in Rough Notes, offering his $0.02 on the state of the market and Evolve’s approach to broker education. “The biggest issue cyber insurance faces is still the complexity surrounding coverage, as exposures and coverages change rapidly and competing insurers call the same coverage by different names.”

“Businesses now understand they have cyber exposures, as they have either had a hacking scare or seen their competitors experience attacks,” says Costello. “In response, we focus on educating retail brokers to explain cyber exposures to any business in any industry in under one minute.

Read the Full Article
Cyber Insurance Company Owner Mike Costello

Evolve | FBI Warning

UPDATED 10/27/20



UPDATE 10/27/20

11 days after the FBI, CISA hacking warning, Trustwave, a global cybersecurity company, discovered a hacker selling the personal data of 200 million+ Americans, including the voter registration data of 186 million on the dark web. The information included names, phone numbers, email addresses, physical addresses, registration information, & political party information.  

Much of the data identified is publicly available, the kind that is regularly bought and sold by legitimate businesses. That said, information such as phone numbers, email addresses, and physical addresses has been used recently in the Proud Boys voter intimidation attack by Iran-sponsored cybercriminals.

Use Evolve’s Dark Web Scanner to find out if your information has been exposed online.

Related: Top US retail insurance agency, BCP Tech, FBI warning update to client base.

Businesses Beware: The FBI & CISA Hacking Warning

With the upcoming election on the horizon, the Federal Bureau of Investigation (FBI) & the Cybersecurity & Infrastructure Security Agency (CISA) released a joint cybersecurity advisory in an attempt to thwart hackers exploiting legacy software systems & vulnerable virtual private networks (VPNs) that target our election support systems & businesses across the United States.

Click to Read White Paper

Successful Attacks: How Do Hackers Access Your Systems?

CISA has already caught hackers with unauthorized access to election support systems! How? Out of date “legacy systems” leave the door open (software vulnerabilities) for the hacker to walk right into your systems. Once inside, the hacker will look to escalate their administrative privileges to cause maximum damage, including theft of data, theft of sensitive banking information, & the installation of ransomware. You could spend tens of millions of dollars on cybersecurity solutions, but if the hacker has the same admin access as your Chief Information Security Office, your business is as good as toast. 

What’s a Privilege Escalation Attack?

How Does Cyber Insurance Save The Day?

Immediate Forensic Specialist Assistance:

In the event of a network security breach, Evolve’s cyber insurance forensic specialist experts play a vital role in getting hackers out of your system, mitigating  further damage to your systems, and getting your business back up & running. Forensic experts typically cost $500/hr, but their time is worth it’s weight in gold, as they can move with speed & efficiency to stop an attack before it gets out of control.

Essential Data Breach Attorneys:

In the event data is stolen, Evolve’s cyber insurance will cover the cost to work with data breach attorneys at $500/hr to advise your business on privacy regulatory body compliance. In addition, ancillary costs are covered; including notification costs & ID restoration.

Malicious Attacks – Ransomware & Funds Transfer Fraud:

Lastly, Evolve’s cyber insurance policy will cover malicious attacks, including ransomware and/or the use of confidential login information to successfully execute a funds transfer fraud attack. In a ransomware attack, Evolve will cover forensic costs, ransom payments, data recreation costs, business interruption, and reputational harm coverage. In a funds transfer fraud attack, Evolve will reimburse the Insured for the lost funds! 

Update Legacy Systems & VPNs: Stop Hackers Today

According to the FBI & CISA, if you are leveraging the following legacy networks and virtual private networks (VPNs), patch the following vulnerabilities: 

Related: The Living Dead – How to Protect Legacy Systems

Get a Cyber Quote Online


Microsoft Outlook Keeps Crashing…

Evolve MGA Cyber Insurance

UPDATED: Microsoft Outlook Keeps Crashing…

Does Cyber Insurance Cover My Business’ Downtime?

Microsoft’s 3rd Crash in Two Weeks

For the 3rd time in ten days, a major Microsoft outage has rendered Office 365 completely useless. Users of Outlook, Teams, OneDrive, and SharePoint were without service for over five hours on Sept. 28, four hours on Oct. 1, and for intermittent periods of time today, Oct. 7.
These outages have been impacting users across the world, but have been most intense in the United States, specifically the Northeast, Midwest, and much of California.

Are Hackers Causing the Crashes?

These outages are not suspected to be the result of malicious hacking. Per Microsoft, a chain of poorly-constructed internal updates has caused the interruptions. A company spokesperson said “At this time, we’ve seen no indication that this is the result of malicious activity.”
Update (10/23/2020): Microsoft since reversed course, confirming that these outages were in fact a result of malicious hacking activity. announced that it has successfully disrupted Trickbot’s botnet after it had ensnared some of its Office 365 users. The company submitted a legal request to take down the botnet infrastructure ran by hackers.
[Related: 6 Things to Know About the Latest Microsoft Cloud Outage]

Is This Covered By Cyber Insurance?

Yes. Evolve’s cyber policies provide $1,000,000 of dependent business interruption coverage triggered by a cyber event (hack attack) or system failure, after a 6 hour waiting period.
We agree to reimburse our insureds for income loss and extra expense sustained during the indemnity period as the direct result of an interruption to your business operations arising directly out of any sudden, unexpected and continuous outage of computer systems used directly by a supply chain partner (such as Microsoft).

The Power of Down Detector

Next time you experience an Office 365 outage, check It’s a live stream of reported outages worldwide.


Evolve | Multi-Factor Authentication


The Power of Multi-Factor Authentication

“99.9% of Hacked Accounts DID NOT Have MFA Enabled” ~Microsoft

What is MFA and how will it protect my business?

If you’ve ever withdrawn cash from an ATM, you’ve already used Multi-Factor Authentication (MFA for short). You need an ATM card (factor #1) and your PIN (factor #2). Imagine if you lost your ATM card, and it didn’t require a PIN to use. You’d likely wake up to an empty checking account!
The same principle applies to cybersecurity. Your password is factor #1, and a push notification to your mobile phone or an email is factor #2.
Chances are hackers ALREADY have access to your login credentials via The Dark Web. In fact, cyber criminals often purchase giant batches of log-in credentials and break into accounts one by one! This technique is impotent versus MFA.

What should my business protect with MFA?

Every single account should be protected by MFA, but here are the 3 most essential accounts your business should protect:

How much does MFA cost?

THE VAST MAJORITY OF THE TIME MFA IS 100% FREE. Many platforms offer complimentary MFA internally (Gmail, Outlook, Dropbox). For other 3rd party platforms without native MFA, you can use apps like Authy, that allow you to set up MFA completely free of charge.

How to implement MFA company-wide… Evolve’s playbook.

  1. A request should go from the top of the organization directly to IT. Tell them the goal is to have MFA enabled on 100% of accounts for every single employee. Give your IT department a deadline to gather and present their implementation plan.
  2. Once the implementation plan has been approved by all parties, a company-wide email should be sent to every employee with explicit step-by-step instructions on getting set up via your IT department. 
  3. Hold your IT department accountable for setting up MFA across all critical system platforms within a 2 week period. Check in after 2 weeks to ensure a successful implementation across your organization. 
  4. Set up new onboarding procedures with your IT department that include MFA for all new employees. 

Updated 11/16/2020: Microsoft urges users to stop using phone-based multi-factor authentication

Can MFA lower my business’ cyber insurance premium?

Yes! Evolve takes all information into account while underwriting on our basic one page cyber application and we do offer better pricing for companies who take their cybersecurity seriously! Having MFA enabled organization-wide is a huge indicator of strong IT practices.

MFA Explained In Under 2 Minutes

They are creative, smart and really make an effort to understand cyber risks so they can tailor the policy and pricing appropriately to our client's advantage.

Bill LewisBolton & Company

Did Ransomware Really Cause a Death in Germany?

Evolve MGA Cyber Insurance

First Homicide by Ransomware

Reported in German Hospital

Is this covered by cyber insurance?

Ransomware Attack Leaves Woman Dead

Hackers infected 30 servers at University Hospital Düsseldorf with ransomware last week, crashing computer systems and forcing the hospital to turn away emergency patients.
A woman in life-threatening condition was turned away, sent to a hospital 20 miles from Düsseldorf, and died from the delay in receiving treatment.

Plot Twist… The Hackers Reversed Course?

The ransom note sent by the attackers was not addressed to the hospital itself, but to Heinrich Heine University (a university associated with the hospital).
Police in Düsseldorf contacted the hackers and explained that the attack was impacting the hospital, not the university, putting patients in danger. The hackers then immediately turned over the encryption key to stop the attack, and dropped all correspondence an unprecedented development.

Why Are Hospitals A Target?

In 2019, a record 764 US-based healthcare providers were hit by ransomware. “Hospitals can’t afford downtime, which means they may be more likely to pay — and quickly with minimal negotiation — to restore their services,” says Brett Callow, an analyst at New Zealand security firm Emsisoft. “That makes them a prime target.”
The most intense, targeted attack on healthcare took place in 2017, when North Korea’s “WannaCray” ransomware forced the United Kingdom’s National Health Service to cancel surgeries and turn away patients.

Would Evolve Cover Ransomware Related Death?

Yes. Every one of Evolve’s cyber policies provides $250,000 of contingent bodily injury coverage triggered by a cyber event (hack attack) for all sums the Insured becomes legally obliged to pay (including liability for claimant’s costs and expenses / legal & professional defense costs).

What Does A Ransomware Attack Look Like?

An infected computer displaying the WannaCry lock screen.
Evolve | Ooops, Your files have been encrypted


Evolve MGA Cyber Insurance

Evolve’s Founder Featured

in The Wall Street Journal Pro


Have you ever sold cyber with the Data Breach Calculator?

Patrick Costello, Evolve’s Co-Founder & Principal, was featured in the Wall Street Journal Pro today discussing the power of selling cyber with Evolve’s Data Breach Calculator tool. Quantifying the financial fallout of a hacker stealing data is complicated. Often times, there are too many costs to explain to businesses, including notification costs, forensic experts, & data breach attorneys… and that is before considering the MAJOR costs. Evolve’s Data Breach Calculator simplifies this entire process with “smart” functionality, allowing a producer to individualize the data breach to the actual company! 

How is data stolen in 2020?

Ransomware. Ransomware. Ransomware. What? You read that right, ransomware not only locks up your data, but sophisticated ransomware actually “extracts” your data, so the hackers can re-sell the business’ information on The Dark Web. Once extracted, the business is obligated to follow foreign, federal, state, & private privacy regulatory body rules OR face a costly legal investigation followed by a fine and/or penalty assessment.

What does Evolve’s Data Breach Calculator look like?

Here’s the money shot. Literally.