A community nonprofit suffered an email breach that led an employee to send $1.55 million to someone claiming to be a client. After realizing that the payment instructions were fraudulent and its email had been breached, the nonprofit reached out to Coalition.

Our claims team immediately requested the transaction information, which was provided within 15 minutes. The funds transfer fraud (FTF) was reported to our U.S. government agency partners to see if they could work with the banks to freeze the funds before they arrived in the fraudulent account. While on the phone with the nonprofit’s executive director, Coalition received confirmation that all of the funds were frozen and would be safely returned to the nonprofit. Over the course of a single phone call, the nonprofit went from panic mode to a sense of relief, knowing that the funds would be returned — all within an hour of the fraud being reported.

Even though the funds were recovered, the nonprofit still needed to work through the business email compromise that made the fraudulent transfer possible, so they selected Coalition Incident Response (CIR)¹ to lead the digital forensics investigation. The compromise resulted from a phishing email, and CIR verified the threat actor was out of the environment by correlating the final dates of their access against the last password change times for the impacted accounts.

One key coverage helped this nonprofit navigate the claim after the funds were recovered: Breach Response. After the nonprofit paid its $5,000 self-insured retention, Breach Response covered the costs for breach counsel and CIR, which totaled nearly $12,000.

1. Coalition Incident Response services provided through Coalition’s affiliate are offered to policyholders as an option via our incident response firm panel. 2. The claim scenarios described here are intended to show the types of situations that may result in claims. These scenarios should not be compared to any other claim. Whether or to what extent a particular loss is covered depends on the facts and circumstances of the loss, the terms and conditions of the policy as issued and applicable law. The descriptions contained in this communication are for preliminary informational purposes only. Coalition is a trading name of Coalition Risk Solutions Ltd. which is an appointed representative of Davies MGA Services Limited, a company authorised and regulated by the Financial Conduct Authority (FCA), registration number 597301, to carry on insurance distribution activities. You may check this on the FCA register by visiting the FCA website www.fca.org.uk. Coalition Risk Solutions Ltd. is registered in England and Wales: company number 13036309. Registered office: 34-36 Lime Street, London, United Kingdom, EC3M 7AT. Copyright ©2024. All rights reserved. Coalition and the Coalition logo are trademarks of Coalition, Inc.