Combatting Social Engineering Fraud
Due to the threats and the severity of the potential claims involved, every company should be looking at ways to combat social engineering fraud.
Social Engineering is a broad term used in the insurance industry that refers to trickery or scams that are occurring with regular frequency today. Often, the scammer will impersonate, via email, a member of a company’s executive team and then manipulate other employees in the company to voluntarily wire money to fraudulent bank accounts, give up confidential information, or perform other tasks that could harm the company. The scammer is able to speak in the same voice and tonality as the company executive because they have hacked into the company’s email and have studied email traffic, often for months, in order to understand how people communicate and what they “sound like”.
How big of a problem is Social Engineering Fraud?
In 2020, the FBI reported a 69% increase in total complaints of internet fraud over 2019, with business email compromise schemes costing about $1.8 billion. Business email compromises are the most frequent means of social engineering fraud. The average social engineering attack costs U.S. firms an astounding $130,000. And, without the right Cyber Insurance, those claims are likely not covered anywhere else in the typical business insurance program. That’s a lot of dough to flow through your fingers and into the hands of a hacker, dough which you’ll never see again.
What are the types of Social Engineering Fraud?
There are several.
1. Business Email Compromise – this is the one I just mentioned. Hackers gain access to your email server and observe the traffic between employees and others for weeks, possibly months. This is one of the key reasons that cyber insurance underwriters are mandating that multi-factor authentication (MFA) be in place prior to binding a new cyber policy.
2. Invoice Manipulation – here hackers will impersonate a company employee such as a bookkeeper and attempt to trick the company’s customers or vendors into paying outstanding invoices into a fraudulent bank account. Again, this often begins with a compromised email server.
3. Funds Transfer Fraud – in this fraud, hackers identify a firm’s vulnerabilities and steal its passwords and banking credentials to access accounts and make unauthorized fund transfers.
4. Telecommunication Fraud Loss
5. Cryptojacking Attacks
According to specialty cyber insurer Corvus, 70% to 90% of all malicious breaches are due to social engineering and phishing attacks. The FBI reports that scams continue to evolve and target small, medium, and large businesses.
Here’s the bottom line.
You need to protect your company and its assets, especially cash in the bank, and that starts with a strategy. The document attached to this post is from Chubb and will provide you with actionable steps to help improve your cyber security, most specifically around social engineering threats.
Need more assistance?
Why not contact us by clicking the button below, and let’s see how we can assist with your cyber security insurance and risk management needs.