That's right, more social engineering scams
13 May 2019
Another day, another social engineering scam.

It's something we talk about a lot at Realcover – and that's because it's our business to protect your business.

You know social engineering scams are on the rise and they’re causing serious financial harm to businesses all over the world. These scams involve the use of deception to manipulate individuals into carrying out a particular act; for example, transferring money, handing over confidential information or clicking on a malicious link.

Cyber criminals are becoming more sophisticated in their scamming techniques and now increasingly attempt to impersonate companies and people.

Previously, scam emails in the form of an appeal for help or bogus prize giveaways were common. But now cyber criminals are impersonating companies and employees, and they pay close attention to detail to ensure their fake communications look as authentic as possible.

Common social engineering scams:

  1. Duping an employee into believing a fraudulent email demanding a transfer of funds is from their CEO
  2. Phishing of customers by impersonating an organisation
  3. Electronic manipulation of documents
What’s the cost?

CFC Underwriting, a specialist insurance provider and pioneer in emerging risk, says the losses incurred by businesses affected by social engineering scams are staggering.

“According to the FBI, between October 2013 and May 2018 alone, $12.5 billion was lost worldwide due to funds being transferred following social engineering scams,” CFC explained in a recent article.[1]

With more and more businesses transferring money electronically, the opportunity for cyber criminals to intercept these transfers is increasing. In fact, funds transfer fraud made up 30 per cent of CFC’s total cyber claims by number in 2017.

What can you do to minimise risk?

Many businesses mistakenly believe they don’t need to purchase cyber insurance because they think they have strong IT security in place and spend a lot of money protecting their networks. But strong IT security controls are not enough. They don’t always protect against events that don’t necessarily involve a third party accessing the network, such as social engineering attacks or the actions of a rogue employee.

With attacks becoming increasingly sophisticated, it can be very difficult to tell the difference between a real email and one that’s fake.

So what can you do to protect your agency? Here are a few tips:
  • Call back procedures: Validate every new payee account or account change with a simple phone call
  • Multi-factor authentication on email accounts: Always require authentication from trusted devices for any external connection to email
  • Training: Raising the awareness of your staff is essential to avoid potential cyber issues

The most important thing to do, though, is to ensure you have the right cyber insurance cover. Any organisation that uses electronic fund transfers in the course of its business activities is vulnerable to these kinds of attacks, and having a cyber insurance policy with cyber crime coverage in place is a good decision.
