How to Protect Your Business Against Social Engineering Fraud

As a business owner, you need to be aware of the growing threat of social engineering fraud. This type of fraud can have severe financial consequences for your organization, as illustrated by a recent case:

Just before Christmas 2020, a nonprofit in San Francisco fell victim to a social engineering attack. The organization had planned to loan money to a sister organization. However, hackers impersonated the nonprofit’s third-party bookkeepers and provided fraudulent wire instructions. Over the next month, the nonprofit sent $650,000 in loan payments.

It wasn’t until January 27, 2021, that the nonprofit director discovered the loaned funds had gone straight into the hackers’ bank account. Unfortunately, neither the nonprofit nor the sister organization had insurance to cover the loss, so none of the money was ever recovered. The nonprofit was the victim of a social engineering attack, a type of fraud that is becoming far more common and costly.

Common Types of Social Engineering

Social engineering fraud is a tactic where criminals manipulate, influence or deceive you or your employees into transferring, paying or delivering money or securities to the criminals’ bank account. The fraudster often impersonates a vendor, client, authorized person or coworker. Common types of this crime include:

  • Computer Fraud: A bad actor gains access to a company’s bank network and redirects funds, securities or property elsewhere.
  • Funds Transfer Fraud: A bad actor pretends to be the insured and tricks the business’s bank or financial institution into transferring funds to the bad actor.
  • Social Engineering Fraud: Actual social engineering involves an employee being tricked into making a transfer. The cybercriminal often pretends to be a customer, client, vendor or employee authorized to direct funds.
  • Invoice Manipulation: The business’s computer system is used to create or transmit false instructions to a customer, resulting in that customer sending payment to the bad actor rather than the insured.

The Growing Threat

The landscape of cybersecurity threats is constantly evolving, and social engineering fraud has emerged as a significant risk for businesses of all sizes. Recent studies have revealed alarming statistics:

  • 94% of organizations have reported some kind of email incident
  • 74% of account takeover attacks start with phishing

To safeguard your business against social engineering fraud, consider the two insurance coverages that address this loss – crime and cyber coverage.

Crime or Cyber?

While cyber insurance might seem like the appropriate coverage for social engineering risks, it’s important to note that many instances of social engineering fraud don’t involve an actual hack or intrusion into your network.

Crime insurance policies often provide higher coverage limits for social engineering fraud. However, the best approach may be to have both cyber and crime insurance policies coordinated through the same broker. This can maximize your protection while minimizing out-of-pocket costs in the event of a loss.

Assessing Your Risk

To determine the appropriate coverage for your business, consider the following:

  1. How often does your business send or receive money via wire transfers?
  2. What’s the typical volume of these transactions?
  3. What’s the highest amount transferred in the last 30, 90 and 365 days?

Looking Ahead

As technology evolves, so do the tactics of fraudsters. Artificial intelligence may soon enable even more convincing fake communications, including voicemails and video calls. Business owners need to stay informed to keep their organizations protected.

Remember, the right insurance coverage, combined with strong internal controls and employee training, can make all the difference when facing a social engineering attack. Reach out to UNICO Group today to discuss your specific needs and develop a comprehensive protection plan to stay one step ahead of cyber criminals.