You’re probably aware that there are a variety of scams out there trying to steal your personal information, but there are also types of scams that can try to harm your business. You and your employees should be extra vigilant in defending against one form of cyber crime in particular – social engineering fraud.
Social engineering is the use of deception in an attempt to get confidential information from a person, then use it for fraudulent purposes. These attempts take a variety of forms and may also target the employees or customers of organizations and businesses. Falling victim to this type of fraud can cause devastating financial losses or damage to your reputation.
Go Phish: The Main Types of Social Engineering and Computer Fraud
Social engineering fraud can take a variety of forms, but some of the most common risks you should be aware of are:
- Business Email Compromise – Criminals will often compromise the email account of a financial institution officer or senior employee and then send out fraudulent emails asking clients to provide bank account information. The emails often appear to be authentic and may include a link that requires the client to log in to obtain their details.
- Pretexting – Fraudsters may contact individuals with a fake phone call, callback, or text that claims to come from the company's IT department and requests login information to fix an error.
- Quid Pro Quo/Ransomware – This is when the scammer uses blackmail to get a business to release private information.
- Baiting – With this type of fraud, malware infects a computer after tricking an employee into downloading free movies, music, or files.
- Caller ID Spoofing – In this situation, a caller intentionally falsifies their phone number to hide their identity. When the person they called answers, the caller uses false information to try to steal that person’s confidential information.
- Fake Websites – An impersonation of a real company's website is created and used by cybercriminals to obtain private information from clients of the business.
The Pandemic Is Fueling Even More Scams
Since the start of COVID-19 and the ensuing pandemic, cybercriminals have been taking advantage of small business employees who may not be as vigilant against attacks when working remotely. Criminals use social engineering to commit crimes by manipulating or deceiving someone with fraudulent instructions. The instructions get the unsuspecting employee to provide personal or confidential information, which is then used for fraudulent purposes.
Recent studies report that phishing emails have gone up some 700 percent. With many companies adopting remote work setups during the pandemic and beyond, the virtual platforms that teams rely on to communicate can also be a source of cyber attacks. In April 2020, Forbes reported that “more than half a million Zoom account credentials, usernames and passwords were made available in dark web crime forums.”
Scammers take advantage of a person’s natural tendency to act first and think later, and the pandemic has provided ample opportunity for this. People are less cautious while working away from the office. Many individuals are anxious for updates and information on the virus, and scammers have preyed on that fear to take advantage of millions of people.
Measures You Can Take to Avoid Social Engineering Losses
Because social engineering fraud can happen to anyone and takes place in a variety of forms, minimizing your exposure is the best way to protect yourself from an attack. By preparing ahead of time and having the appropriate processes and computer systems in place, a business can significantly improve its ability to detect and respond to a phishing attack. This can reduce the financial and operational impact of social engineering fraud and funds transfer fraud.
To best protect your business, start by training your employees and making them aware of the various types of social engineering fraud. Train them in how to recognize an attack and how to respond to one. Consider testing employees by running simulated scams, and create a system that allows employees to easily and quickly report any suspicious activity or incidents to the appropriate risk management and IT departments.
Also, your business should have policies in place for employees regarding internet usage, including the use of social media sites such as LinkedIn or Facebook. Employees should be educated on how to spot suspicious emails requesting payment details or banking account information, as well as financial transactions that could expose the private information of your business to unauthorized users, access, disclosure, and loss. Make sure they know to verify the legitimacy of such emails by contacting the official sender using appropriate contact information, not the details provided in the suspicious email. Test your processes and response plans so that the impact of an incident can be minimized if one occurs.
Lastly, be sure to require complex passwords and consider requiring multi-factor authentication to protect systems with sensitive information. Be sure that data is routinely backed up and that the backup systems are tested regularly. Implement logging technology that identifies and tracks suspicious activity on the network. This information will be critical after an incident occurs.
Getting the Right Coverage for Your Business
Even a business that is well-managed and has put processes in place for employee training, background screenings of partners, up-to-date technology, and financial checks can still be the victim of social engineering fraud. Scammers can gain the confidence of even the best employee by posing as a client, vendor, another employee, or an authorized person. After gaining the employee’s trust, they can then instruct them to wire transfer money or provide sensitive business information. Most businesses don’t even realize the fraud has occurred until the real recipient states they never received a legitimate payment. Unfortunately, it is then too late to stop further theft, which is why it is important to be prepared and protect your business to prevent serious loss of reputation or financial loss. Your agent can help you determine the type of insurance policy that is best for you.
The advisors at Conover Insurance are here to help you outsmart social engineering fraud. We specialize in finding cyber insurance solutions for small businesses across a wide variety of industries. We offer protection against social engineering attacks to protect your company from a range of cyber attacks and are committed to evolving the coverage and cyber policies we offer as new threats to our customers emerge. Reach out to us to receive a complimentary review of your cybercrime coverage to make sure you aren’t vulnerable to digital threats.