
Social Engineering Fraud – Are You Covered?

Wednesday, September 20, 2017

Cybercriminals are now regularly using phishing techniques to obtain information about your company that would allow them to successfully impersonate an employee, vendor, or financial institution in order to convince an employee to wire them money (currently, the average requested wire transfer is $10,000 to $40,000). 

Typically, the email looks very legitimate, often coming from the correct email address or from one that's slightly modified. Here are a couple of samples:

Accounting,

We’re late on a payment, please wire $15,000 to ABC Contracting’s bank account to pay for some recent work done.  I promised them they’d have payment today, so please process ASAP!  I can get you more information later.

– President

Accounts Payable,

Please note that our bank account has now changed.  Please wire your next payment to our new account.

– Supplier

The cybercriminals are preying on the amount of business conducted via email in this day and age, combined with an increased sense of urgency.

This type of event is not automatically covered by most Crime or Cyber policies, as it's excluded under “Voluntary Parting.” The policy typically has to be specifically endorsed for coverage to apply. This coverage is rather “new” to the insurance industry and wasn't widely available until just recently. Carriers are still only offering lower limits, with deductibles larger than those on the other Crime coverage purchased.

The best risk management techniques:

  • Verbal verification – call the person requesting the funds to verify they did intend to make the request (use the phone number you have on file, not the one from the email signature, especially if the request comes from a vendor noting a bank account change)
  • Educate your employees on how to identify a phishing scam (see the attached pdf for more information)
  • Purchase Social Engineering Fraud coverage (also known as “Deception Fraud”)

KnowBe4 has recently published a blog post called Scam Of The Week: Phishing Moves To Smishing. In it, the company offers some great information about how internet bad guys are increasingly trying to circumvent your spam filters and are instead targeting your users directly through their smartphones with Smishing attacks, which are hard to stop.

They suggest you send employees, friends and family an email about this Scam Of The Week; feel free to copy/paste/edit:

“Bad guys are increasingly targeting you through your smartphone. They send texts that trick you into doing something against your own best interest. At the moment, there is a mystery shopping scam going on, starting out with a text invitation, asking you to send an email for more info which then gets you roped into the scam.

Always, when you get a text, remember to “Think Before You Tap”, because more and more, texts are used for identity theft, bank account take-overs and to pressure you into giving out personal or company confidential information. Here is a short video made by USA Today that shows how this works: https://www.youtube.com/watch?v=ffck9C4vqEM

KnowBe4 has also published a great PDF on how to spot social engineering red flags (PDF). The link goes to a complimentary job aid that you can print out and pin to your wall.

Material posted on this website is for informational purposes only and does not constitute a legal opinion or medical advice. Contact your legal representative or medical professional for information specific to your legal or medical needs.
