January 04, 2018
You are about to leave Risk Strategies website and view the content of an external website.
You are leaving risk-strategies.com
By accessing this link, you will be leaving Risk Strategies website and entering a website hosted by another party. Please be advised that you will no longer be subject to, or under the protection of, the privacy and security policies of Risk Strategies website. We encourage you to read and evaluate the privacy and security policies of the site you are entering, which may be different than those of Risk Strategies.
What is social engineering fraud?
Social fraud occurs when an employee is intentionally misled into sending money or diverting a payment based on fraudulent information provided to them in a written or verbal communication such as an email, fax, letter or even a phone call.
How does this happen?
Often targeting companies with international branches or foreign suppliers, social fraud hinges on messages that appear to be coming from a legitimate business partner. In many cases, the fraudster has infiltrated an email conversation and obtained a client, vendor or supplier’s signature section to add more legitimacy to their message. Some even alter phone numbers in the signature, so a verification call back would be directed to the fraudster.
How often does this happen?
According to a 2017 report by Verizon, over 100,000 social engineering attacks are launched each day.
WHY YOUR BUSINESS NEEDS PROTECTION
Social fraud can happen to any business. Even well-managed businesses with proven best practices in employee training, partner background screenings and financial checks and balances can be infiltrated.
Fraudsters gain employee confidence by posing as a known entity - vendor, supplier or client. Most companies only discover the deception when the legitimate recipient says they never received a payment.
Typical Loss Scenario:
A manufacturer receives an email appearing to be from one of its vendors, requesting that a payment due be sent to a different account number due to an ongoing audit. The payment is made as requested. When the manufacturer receives a past due notice and calls the vendor, it’s discovered that the vendor’s email had been hacked and the payment instructions email was fraudulent.
Solution:
With the rapid rise of social engineering fraud, insurers are beginning to respond. Some are adding coverage under the Crime or Financial Institution Bond at no additional charge, while others are providing it for a small additional premium.
The contents of this article are for general informational purposes only and Risk Strategies Company makes no representation or warranty of any kind, express or implied, regarding the accuracy or completeness of any information contained herein. Any recommendations contained herein are intended to provide insight based on currently available information for consideration and should be vetted against applicable legal and business needs before application to a specific client.