Social Engineering - The Digital Conman
Social Engineering Fraud is where the modern day conman thrives. Criminals are pairing minor hacking capabilities and their art of persuasion with readily available information such as email signatures, phone numbers, and social media accounts to convince businesses to wire transfer large sums of money into offshore accounts. They are not hacking into your accounting department and stealing money. They are coaxing employees into believing that they are paying for a service, making the employees the victim as well as the business. The Federal Bureau of Investigations has seen over $1 billion lost in social engineering fraud over the past two years and have observed three main tactics these criminals are using through phone, email and fax:
- An email is sent appearing to be from a client or vendor with instructions to change their original wiring information to an alternative account.
- An email is sent appearing to be from a senior executive within the company to the accounting team to wire transfer money to an alternative account.
- An employee’s personal email is hacked into and sends out a wire transfer request.
All business sizes need to take heed against this threat and implement procedures in order to combat the inevitable attack. Risk management tactics include:
- Ensure that no one person is in charge of all wire transfers.
- Implement a protocol for each payment.
- Contact the requesting vendor or client before sending.
- Confirm with an additional source at the company prior to completing the request.
- Confirm with the vendor or client if wiring and account changes are made.
- Verify the account number and receiving location with your bank.
- Take the time to utilize all of the security resources your bank offers.
- Inform all employees of this threat and educate them on ways to safeguard against attack.
- If you receive an email request, respond with a different form of technology such as a phone call or text.
Insuring your company against social engineering fraud goes beyond a typical crime policy. Speak with your trusted insurance advisor at Swingle Collins & Associates today to add a social engineering fraud endorsement to your employee theft policy to receive reimbursement for fraudulently misled payments.