Contain damage from compromised suppliers

Summary: An attacker hacks a supplier's email account and changes the IBAN on a standard payment request. Because the company's own accounting department manually approves and authorizes the transfer, traditional IT security controls fail to trigger an alarm. Baobab's Crime insurance covers this financial loss where conventional protection concepts fail.
Who is this relevant for? This scenario affects companies with active payment transactions and regular supplier relationships. It is particularly relevant for businesses that manually update master data and need to protect their liquidity against the financial consequences of targeted deception (social engineering) and identity theft by third parties.
The attack
A medium-sized manufacturing company (80 employees) receives a standard email from its main supplier. Attached is the expected invoice for €85,000. The text mentions a new bank account. The accounting department checks the invoice, updates the IBAN in the system, and authorizes the payment.
The catch: The email actually originated from the supplier's mail server – but it had been hacked unnoticed beforehand. The fraudsters simply swapped the IBAN on the PDF. The €85,000 flows directly into the criminals' account and is lost.
Why cyber insurance doesn't pay
When the loss is discovered, standard cyber insurance policies and IT security solutions usually refuse to cover it. There are specific reasons for this:
- No breach of your own systems: Your own firewall and security systems functioned perfectly. The hack took place in the supplier's infrastructure, not in your own network.
- Self-authorized: The financial outflow was approved by your own team as part of a standard daily process.
- Focus on technical damage: Standard cyber policies focus primarily on the consequences of system breaches, data encryption, or malware within your own company.
Without a hacker attack on your own Standard cyber insurance policies generally do not cover this type of "payment diversion." The company is left to bear the €85,000 loss itself.
The solution: Baobab Crime closes the gap
Baobab's Crime fidelity insurance was specifically developed to cover the intersection of human deception and financial loss:
- Protection against social engineering: The Crime coverage concept explicitly includes financial losses resulting from identity theft, targeted deception, and manipulated payment instructions by third parties.
- Protection beyond your own IT: Coverage applies regardless of whether the error occurred within your own system or on the side of a business partner.
- Maintaining liquidity: Thanks to fast and unbureaucratic claims settlement, the affected company can pay the genuine supplier's outstanding invoice on time and continue operations without any bottlenecks.
Protect your liquidity from the mistakes of others. Speak to your insurance broker about Baobab's Crime protection now or contact us for more information.

FAQ
1. Why don't IT security systems trigger an alert for manipulated invoices?
Because there is no technical attack on the system. Fraudsters use a partner's hacked email account to send an email that looks authentic. Since the transfer is manually and properly authorized by your employees in the banking portal, there is no reason for firewalls or antivirus programs to raise an alarm.
2. How can this risk be minimized organizationally in everyday business?
The most effective method is to establish strict control routines. Every written notification regarding a change in bank details should be verified via a phone call. Important: Only use the contact person's phone number from your already verified master data—never the contact details provided in the email requesting the change. Additionally, the four-eyes principle should be consistently applied to all payments above a defined amount.
3. Does Crime fidelity insurance replace a classic cyber insurance policy?
No, it is a necessary supplement. While cyber insurance (such as Cyber Safe) covers technical attacks, business interruptions, and data recovery following a system breach, Crime fidelity insurance covers targeted financial damage caused by the deception of employees. Together, both products form a seamless security architecture.


