What is social engineering fraud?
Social fraud occurs when an employee is intentionally misled into sending money or diverting a payment based on fraudulent information provided to them in a written or verbal communication such as an email, fax, letter or even a phone call.
How does this happen?
Often targeting companies with international branches or foreign suppliers, social fraud hinges on messages that appear to be coming from a legitimate business partner. In many cases, the fraudster has infiltrated an email conversation and obtained a client, vendor or supplier’s signature section to add more legitimacy to their message. Some even alter phone numbers in the signature, so a verification call back would be directed to the fraudster.
How often does this happen?
According to a 2017 report by Verizon, over 100,000 social engineering attacks are launched each day.
WHY YOUR BUSINESS NEEDS PROTECTION
Social fraud can happen to any business. Even well-managed businesses with proven best practices in employee training, partner background screenings and financial checks and balances can be infiltrated.
Fraudsters gain employee confidence by posing as a known entity - vendor, supplier or client. Most companies only discover the deception when the legitimate recipient says they never received a payment.
Typical Loss Scenario:
A manufacturer receives an email appearing to be from one of its vendors, requesting that a payment due be sent to a different account number due to an ongoing audit. The payment is made as requested. When the manufacturer receives a past due notice and calls the vendor, it’s discovered that the vendor’s email had been hacked and the payment instructions email was fraudulent.
With the rapid rise of social engineering fraud, insurers are beginning to respond. Some are adding coverage under the Crime or Financial Institution Bond at no additional charge, while others are providing it for a small additional premium.