What is Social Engineering Fraud? While you might not believe you know it, you most likely do. You have been targeted multiple times, possibly even recently. Social Engineering Fraud is the leading cause of data breaches, and has led to billions in dollars being stolen. What is social engineering fraud?
Interpol confirms that this is correct InterpolSocial Engineering Fraud refers to a scam that tricks, deceives and manipulates victims to make money transfers or disclose confidential information that can be used for criminal purposes. To commit a crime, it relies on human-to–human interaction and not guns or hackers.
Phishing is the most widespread form of Social Engineering Fraud. Phishers send unwelcome emails that appear to be legitimate requests for information or payment. This same technique can be used by phone (“Vishing”) or text message (“SMishing”). Phishers can impersonate real businesses by using logos and similar designs.“spoofed”) email addresses. Their emails often include a call-to-action.
According to statistics, phishing rates have declined over the last few years. The rates of spearphishing are increasing, however. Spear phishers do not cast a broad net like phishers. They target individuals within an organisation, especially those with financial or sensitive information.
To convince an employee to transfer $50 million to an account to fund a fraudulent acquisition project, spear phishers disguised themselves as the CEO of an Austrian aeronautical company. Spear Phishing is also known by the names whaling and CEO fraud. Spear Phishing emails were used to obtain the password for a Gmail account that Hillary Clinton’s campaign chairman used.
Social Engineering Fraud comes in many forms. However, the following are some of its distinctive elements.
- Identifying Targets. Open source intelligence, social media, and corporate websites are often used by criminals to profile potential targets, build an accurate picture of an organization, identify key executives, and find members of the finance team.
- Grooming Relationships. Targeted individuals are contacted using emails that include publicly available information and profiles on social media. This makes them more likely to be read and considered authentic. This may take days, weeks, or even months.
- Exploiting Vulnerabilities. Once the targets have convinced themselves that they are dealing legitimately with an authorized person, they will be asked to perform a routine or another legitimate function. They may receive wiring instructions or formal requests for information or documents.
- Fraudulent Act. Unwittingly wired money is immediately transferred to another bank account. The information is used immediately to perpetrate additional crimes such as identity theft.
Social Engineering Fraud is a risk to all businesses, especially small and medium-sized ones that are most at risk. According to the Federal Bureau of Investigation spear phishing scams are growing and evolving, with a focus on businesses of all sizes, There has been an increase of 1,300% in losses identified since January 2015. This totals more than $3 billion.
Many businesses mistakenly believe that losses caused by Social Engineering Fraud will be covered by their standard business insurance policies. This error is often overlooked until it’s too late. These losses are often not covered by standard business insurance policies.
Standard commercial property and general liability insurance policies don’t cover Social Engineering Fraud. However, coverage gaps in policies which appear to be able to protect against these losses are something that is often not expected.
Social Engineering Fraud, for example, isn’t always done online. However, it does not necessarily involve hacking into or compromising computer systems. A standard cyber liability policy may not cover you depending on your circumstances. Because victims send money knowingly and voluntarily, coverage can also be denied under a standard policy for crime or fidelity.
These gaps can be filled with Social Engineering Fraud Endorsements. They are specially designed to protect the unique risks associated with Social Engineering Fraud.
- vendor or supplier impersonation;
- Executive impersonation
- client impersonation.
Social Engineering Fraud can cause serious financial losses. Every company should review their insurance policies to find and fix any gaps in coverage. Social Engineering Fraud is not a simple matter. It’s important to have safeguards in place, educate employees, and keep them informed.