Social engineering fraud: is your business

Wang Yan

Global Courant

What is Social Engineering Fraud? You may not think you know, but you do. In fact, you have been targeted repeatedly and recently, probably even today. Social engineering fraud is a leading cause of data breaches and has caused billions of dollars to be stolen. So what is it exactly?

According to Interpol (that's right, Interpol), social engineering fraud is a type of scam that deceives or manipulates victims into initiating money transfers or disclosing confidential and personal information that can then be used for illicit purposes. It relies on human-to-human interaction, not guns or hackers, to commit a crime.

Phishing is the most common form of social engineering fraud. Phishers send unsolicited emails that look like legitimate requests for payment or information. The same technique can be performed over the phone (“vishing”) or SMS (“smishing”). Phishers often impersonate real companies by using real logos and counterfeit (“spoofed”) email addresses. Their emails usually contain a call to action.

Statistics indicate that the number of phishing attacks has decreased in recent years. However, the number of spear phishing attacks is on the rise. Unlike phishers, who cast a broad net, spear phishers target specific individuals within an organization, especially those who have access to finances or sensitive information.

For example, spear phishers posing as the CEO of an Austrian airline company used a Business Email Compromise attack to convince an employee to transfer nearly $50 million to an account for a bogus acquisition project. (Spear phishing is also known as whaling or CEO fraud.) Spear phishing emails were also used to obtain the password of a Gmail account used by Hillary Clinton’s campaign chairman.

Despite its many forms, social engineering fraud generally contains the following distinguishing elements:

  • Identify targets. Criminals often use open source information, social media and company websites to profile potential targets, develop an accurate picture of the organization and identify key executives and members of the finance team.
  • Develop relationships. Targeted individuals are contacted through emails that incorporate publicly available information and social media profiles so that they are more likely to be read and believed to be authentic. This process can take days, weeks or months.
  • Exploit vulnerabilities. Once targets are satisfied that they are dealing with an authorized person regarding a legitimate business transaction, they are asked to perform a routine or otherwise legitimate function. For example, they may be given wiring instructions or formal-looking requests for documents or information.
  • Carry out the fraud. Funds transferred unwittingly are immediately moved to another account. Sensitive information that was disclosed is immediately used to commit other crimes, most commonly identity theft.

Social engineering fraud poses a serious risk to any business, especially small and medium-sized businesses, which are the most targeted. According to the Federal Bureau of Investigation, spear phishing scams continue to grow, evolve and target businesses of all sizes. Since January 2015, there has been a 1,300 percent increase in identified losses, totaling more than $3 billion.

Many companies mistakenly believe that losses attributed to social engineering fraud are covered by their standard business insurance policies. Unfortunately, this error is often not revealed until it is too late. Standard business insurance has some coverage gaps when it comes to these types of losses.

Standard commercial general liability and property insurance policies are not designed to provide protection against Social Engineering fraud, so the lack of coverage should be somewhat expected. However, what is not usually expected are coverage gaps in policies that otherwise seem well suited to protect against these losses.

For example, while social engineering fraud typically takes place online, it does not necessarily involve hacking or compromising computer systems. So, depending on the circumstances, coverage may be denied under a standard cyber liability insurance policy. And since victims end up sending money knowingly and voluntarily, coverage can also be denied under a standard crime or fidelity policy.

Social Engineering Fraud Endorsements are available to fill these coverage gaps. They are specifically designed to cover the unique risks of social engineering fraud, including:

  • vendor or supplier impersonation;
  • executive impersonation; and
  • customer impersonation.

Social engineering fraud losses can be devastating. Every business should review its insurance policies to identify and address actual or potential coverage gaps. Unfortunately, when it comes to social engineering fraud, it’s not always enough to take precautions, maintain awareness, and train employees.

