Practitioners of cyber-crime are always coming up with clever ways to steal money or valuable information. One of the newest, yet relatively unsophisticated, methods uses nothing more than an email, fax, letter or phone call. This new cyber con is called Social Engineering Email Fraud.
It works by tricking an employee into sending money or payments to the scammer, as follows:
Step 1: The scammers identify a key decision maker (CEO, COO, CFO or someone with the power to authorize payments within an organization) by checking the company's website, viewing the company's social media accounts or even simply calling the organization.
Step 2: Once they have the name and contact information for a company's key decision maker (CEO, COO, CFO or someone with the power to authorize payments), they target an individual within the company who manages the banking accounts or credit cards (i.e., an accountant, administrative assistant, payroll manager and others in similar positions).
Step 3: This targeted individual receives a communication that appears to come from the decision maker (but is in fact from the scammer) asking them to make a payment, transfer money or send funds in some other way to a seemingly reasonable destination.
Step 4: The targeted employee makes the payment, following what appears to be a typical request of a kind they have likely handled numerous times before.
Step 5: The cyber criminals receive the funds and disappear.
According to the Symantec 2014 Internet Security Threat Report, Social Engineering Fraud has risen sharply over the last few years. Cyber criminals have discovered how easily this scam can succeed with minimal cost and effort. Their study shows that Social Engineering Fraud attacks:
- Increased 91% between 2014 and 2015
- Occurred at a rate of over 100,000 attacks each day
- Target businesses of all sizes (34% of large businesses, 31% of medium businesses and 30% of small businesses)
- Target 1 in 2 large businesses and 1 in 5 small businesses
The financial losses and business disruption caused by Social Engineering Fraud can be significant, and another major concern is that these attacks may not be covered by all insurance policies. Because of the unique nature of the scam and the fact that the funds were willingly given by an authorized individual, gaps in coverage can occur even if your business is protected by Cyber Liability Insurance. To help protect your business from Social Engineering Fraud, many carriers have developed a specific Social Engineering Fraud endorsement that can be added to your policy to safeguard you against this threat.
To make sure your business is properly protected in the event of a Social Engineering Fraud attack, please contact us and we will be happy to review your policy and determine if you need additional coverage. We can also discuss how your coverage would respond to funds transfer fraud, computer fraud and cyber theft of company records.