
Eyes Wide Open: Social Engineering Fraud

Miles Weis
AVP, Executive Risk and Cyber Practice Leader

Companies face an onslaught of countless exposures as they navigate the tumultuous business landscape. Today’s litigious and digital world has created threats that businesses of yesteryear never had to contemplate. Unfortunately, many of these perils are brought on by corrupt actors. One of the fastest growing areas of loss to businesses is through the act of Social Engineering Fraud (SEF). Companies can no longer afford to be blind to these risks.

SEF has been defined by Interpol as “the scams used by criminals to trick, deceive, and manipulate their victims into giving out confidential information and funds. Criminals exploit a person’s trust in order to find out their banking details, passwords, or other personal data. Scams are carried out online — for example, by email or through social networking sites — by telephone, or even in person.”

One form of SEF is called Business Email Compromise (BEC). Beazley, a leader in cyber liability insurance and breach solutions, defines BEC as a “social engineering attack in which a cybercriminal uses compromised email credentials or spoofs a legitimate email address in order to induce an employee to make a wire transfer or other electronic payment to a bank account controlled by the cybercriminal or, in some cases, to transfer sensitive data such as W-2 forms.”

The Internet Crime Complaint Center (IC3) of the FBI reported these startling statistics in July 2018:

  • From October 2013 to May 2018, there were 78,617 domestic and international incidents of BEC and $12,536,948,299 in lost dollars.
  • Between December 2016 and May 2018, there was a 136 percent increase in identified global exposed losses.

These types of losses are increasing…quickly. One thing we know for sure is that as long as there’s opportunity for wrongdoers to exploit companies and individuals and capitalize on those exploitations, these losses will continue to rise.

We’re right in the heart of the highest-exposure time of year for W-2 fraud, which takes place December through April. Your employees’ W-2s are desirable targets for cyber criminals as they contain all the information needed to file a fraudulent tax return. Be sure to train your staff to recognize fraudulent requests. Implement protocols like out-of-band verification and multi-factor authentication. Many resources are available to help you ramp up security in this area.

Don’t gamble your company because you’re attempting the “Bird Box Challenge” when it comes to SEF risks. Many resources are included in a robust cyber liability insurance program, but not all programs are created equal. To ensure you get a program designed to meet your unique exposures and work for your organization, make sure to work with a broker that understands this ever-evolving insurance protection and risk landscape.

Remember, cyber insurance is not a replacement for sound cyber security practices and cyber resilience risk management programs. Cyber insurance does, however, provide critical protection for your organization and its leaders. Your company’s stakeholders, customers, employees, and leadership will thank you later.
