Wire Fraud and Social Engineering: Protecting Against Million-Dollar Scams with David Finz of Alliant Insurance

In a recent episode of Brick by Brick, host Jason Reichl sits down with David Finz, Senior Vice President at Alliant Insurance Services, for a candid conversation about the cyber threats hitting businesses right now. From million-dollar voice cloning scams to the everyday email that could drain your bank account, David shares real stories from the claims he handles and the practical steps that could save your company tomorrow.

‍

‍

To find out how TrustLayer manages risk so that people can build the physical world around us, head to TrustLayer.io.

The $20 Million Wake-Up Call

David opens with a story that should terrify every business owner: "We've actually now seen for one of our clients the first vishing incident, this voice phishing, that has gotten headlines. It was a very high profile event in Hong Kong last year where someone made off of $20,000,000, and now we're beginning to see this in terms of our own clients."

Welcome to the new world of cybercrime, where criminals use AI to clone voices and impersonate executives. But here's what might surprise you—most businesses are getting hit by much simpler attacks that don't make headlines but still cost six and seven figures.

It's Not Just About Data Breaches Anymore

"Data breaches were kind of the impetus for a lot of companies to initially buy insurance. Now we've moved into other vectors of attack," David explains. The new threats keeping him busy? Social engineering, wire fraud, and business email compromise.

Picture this scenario David describes: Your coffee distributor payment is due on the 17th of the month. On the 16th, you get an email saying they've updated their wire instructions. Seems normal, right? Wrong. Criminals have been watching your systems, learning your payment cycles, and that "urgent" update just cost you thousands.

David's advice is deceptively simple: "Pick up the phone. Call the vendor. Don't use the phone number in the email you just received if it's suspicious. Go to your records. Call them and make sure that you can authenticate, as we say, out of band that this payment instruction change is in fact legitimate."

The Insurance Reality Check

Here's where David gets brutally honest about insurance: "You don't wanna rely on insurance as a way of mitigating risk. It's a risk transfer tool. It's a backstop. It's not a substitute for having good security, good controls in place."

But when attacks do happen, you better know which policy actually pays. David breaks down the coverage maze:

• Cyber insurance covers social engineering fraud when employees fall for fake wire instructions
• Crime/fidelity bonds might cover direct theft from your bank accounts
• Professional liability could apply if your vendor's network gets compromised

"Cyber insurance is one of several products that can respond to an event like this," David notes. The key word? Several. You need to check all your policies, not just assume cyber coverage handles everything.

‍

Breaking Down the Silos

One of David's biggest frustrations? Companies where risk management, IT, and HR operate in completely separate worlds. "You have risk management, who's actually the buyer of the insurance. You have IT that is controlling what email filters are being used. You have HR who might be responsible for offboarding employees."

His solution? Get everyone in the same room for tabletop exercises. "One of the things that risk managers can do to elevate their profile within an organization is to bring in an outside firm like Alliant to conduct a tabletop exercise for their internal stakeholders, for the folks of the C suite."

The result? "The risk manager looks like a star within their own organization because they brought in an additional resource."

The "Department of No" Problem

Jason and David tackle a common issue: risk managers being seen as roadblocks. "You don't wanna be seen as vetoing everything," David agrees. Instead, the goal is becoming what Jason calls "a yes, but how" department—enabling business while managing risk smartly.

This is especially critical as threats evolve. "Quantum computing is just going to rapidly accelerate the ability of threat actors to crack the code, so to speak," David warns. "It doesn't change the essential character of the threat. It just means that they're gonna be more persistent, more pervasive, and frankly, more sophisticated, harder to stop."

The Human Factor

Despite all the talk about AI and sophisticated technology, David keeps coming back to human psychology. "We have to be aware of how AI is gonna be deployed to advance these threats," he says, but adds that the fundamentals haven't changed: "Have a healthy degree of skepticism when you're the recipient of these emails or that voice message."

His three-layer defense system is refreshingly straightforward:

1. Someone receives the suspicious request
2. Another person does the out-of-band authentication
3. An executive signs off on the transaction

"You kind of have, like, a three layer system to have some checks and balances built in."

Final Thoughts:

Ten years ago, CIOs would say "nobody can hack us" or "we're not a likely target." David notes, "Nobody's really saying that anymore because we recognize everyone is a target."

The solution isn't perfect technology or bulletproof insurance—it's combining smart controls, good processes, and healthy skepticism. As David puts it: "Let's break down the wall between risk management and IT and get people to work together."

Because in the end, the companies that survive aren't the ones with the best firewalls or the most expensive insurance. They're the ones where people actually talk to each other, question suspicious requests, and remember that a simple phone call can save millions.

To hear more practical insights from someone who sees these attacks daily, tune in to this episode of Brick by Brick.

👉 Spotify: https://spoti.fi/3HEx8vH
👉 Apple Podcasts: https://apple.co/43XcazC 

Podcast Host: Jason Reichl
Executive Producer: Don Halliwell