![[LOGO] Corvus by Travelers](https://info.corvusinsurance.com/hubfs/Corvus%20by%20Travelers%20Logos/CORVUS-Travelers-SML-POS-RGB.svg "[LOGO] Corvus by Travelers")
RISK PREVENTION CASE STUDY
Packaging Products Manufacturing Company
A phishing attack caused a business email compromise at a manufacturer, diverting customer payments. Travelers responded the same day, helping to cover losses and prevent further fraud.
![[PHOTO] Risk Prevention Case Study: Packaging Products Manufacturing Company](https://info.corvusinsurance.com/hs-fs/hubfs/Website%20and%20Email%20Imagery/2025%20Imagery/packaging_products_manufacturing_case_study_image.png?width=482&height=300&name=packaging_products_manufacturing_case_study_image.png)
Key Takeaways
![[ICON] Company Information](https://info.corvusinsurance.com/hubfs/manufacturing_icon.svg){kind=icon}
Company Information
Packaging products manufacturing firm
![[ICON] Incident Type](https://info.corvusinsurance.com/hubfs/icon-cyber-inccidents.svg){kind=icon}
Incident Type
Business Email Compromise (BEC): Phishing attack resulting in misdirected funds
![[ICON] Response Time](https://info.corvusinsurance.com/hubfs/personalized%20rapid%20response%20icon.svg)
Response Time
Same day
![[ICON] Actions Taken](https://info.corvusinsurance.com/hubfs/risk%20prevention%20icon.svg)
Actions Taken
System containment, forensic Investigation, legal and claims support, customer protection, law enforcement reporting
![[ICON] Results](https://info.corvusinsurance.com/hubfs/compromised%20assets%20icon.svg)
Results
Financial loss and costs of forensic investigation and breach counsel covered, timely intervention prevented further fraudulent transfers
![[ICON] Policy Benefits](https://info.corvusinsurance.com/hubfs/underwriting%20icon.svg)
Policy Benefits
Helps provide coverage for unrecoverable financial loss, legal guidance and forensic investigation support
Case Study Overview
A phishing attack targeting a mid-sized manufacturer led to fraudulent customer payments being diverted to a threat actor. The company incurred a financial loss when its customer unknowingly transferred funds to the threat actor’s account. A quick response from Travelers enabled the insured to confirm the scope of the incident, engage forensic and legal experts and implement employee training to prevent future compromises.
The Challenge
The incident began when a company employee unknowingly engaged with a phishing email, allowing a threat actor to compromise the employee’s email account. Using this access, the threat actor impersonated the employee and convinced a customer to change its usual method of payment from checks to ACH transfers. Believing the instructions were legitimate, the customer sent multiple payments directly to the threat actor’s account.
The fraudulent scheme went undetected for months until the insured reached out about overdue invoices and learned the customer believed it had already paid. At that point, the company not only faced the immediate financial loss, but also the possibility that sensitive data could have been exposed. In addition, there was a risk of reputational damage with key customers and potential regulatory obligations if the compromise extended beyond the single account.
Corvus by Travelers' Response
Once the organization discovered that funds had been misdirected, it filed a claim with Travelers. The Travelers Cyber Claim team assigned a dedicated claim professional to the case and initiated a coordinated response process, including.
-
Forensic Investigation: A panel forensic team was engaged to confirm the scope of the intrusion and determine whether any systems or data beyond the single compromised account were impacted.
-
Legal Guidance: A data breach coach conducted a legal risk assessment, confirming that the company had no notification obligations arising from the incident.
-
System Containment: The compromised email account was locked and the credentials reset to prevent further unauthorized access.
-
Law Enforcement Reporting: The insured filed reports with its local police department and with the FBI’s Internet Crime Complaint Center (IC3) portal.
-
Customer Protection: With assistance from the data breach coach and forensics team, the insured was able to alert another customer that received similar fraudulent payment instructions from the threat actor, preventing further losses.
Results & Policy Benefits
The coordinated response led by Travelers helped the manufacturer contain the incident quickly and limit its impact. The financial loss, along with the costs of forensic investigation and data breach coach, were covered under the company’s cyber policy.
Importantly, the company avoided further losses by quickly warning another customer and working with Travelers, their data breach coach and forensic experts to contain the threat. As a result, the company maintained uninterrupted operations, preserved customer trust and strengthened its defenses with new employee phishing training.
Note: Business email compromise continues to be one of the most common cyber threat vectors. From January 1, 2023, to December 31, 2024, Travelers managed more than 2,300 claims related to phishing and social engineering fraud, two common business email compromise schemes.
These incidents often lead to financial losses, and in many cases, provide threat actors with access that can escalate into a ransomware attack.
This material does not amend, or otherwise affect, the provisions or coverages of any insurance policy or bond issued by Travelers. It is not a representation that coverage does or does not exist for any particular claim or loss under any such policy or bond. Coverage depends on the facts and circumstances involved in the claim or loss, all applicable policy or bond provisions, and any applicable law. Availability of coverage referenced in this document can depend on underwriting qualifications and state regulations. Case study is based on actual situations, composites of actual situations or hypothetical situations. Resolution amounts are approximations of both actual and anticipated losses and costs. Facts may have been changed to protect confidentiality.