What are Social Engineering Losses and How Can You Protect Yourself from Them?
In recent years, hackers and cyber-thieves have been developing new techniques to infiltrate businesses’ bank accounts. Early phishing scams were fairly easy to spot: a request from a Nigerian prince or a link purporting to take you to your bank’s customer service center was a tell-tale sign of suspicious email traffic. The recommendation was to never click on the link and to delete the email immediately. As the public became more aware of these red flags, thieves countered with more sophisticated attacks, such as CEO Fraud, also known as Social Engineering Fraud. Social engineering is defined as “psychological manipulation of people into performing actions or divulging confidential information.”
Here are some examples of what CEO Fraud or Social Engineering Fraud might look like:
Example 1
An email, purportedly from the CEO, is sent to the firm’s accounting department authorizing an urgent payment to a new vendor with a bogus bank account number. Not wanting to disappoint the CEO, the accounting staff transfer the amount, only to find out that the CEO never requested any new vendor payments. Hackers might follow a CEO’s or CFO’s social media posts to see when they are traveling, which makes verbal confirmation more difficult for the target.
Example 2
After months of monitoring transactions from accounts payable to a foreign vendor, hackers create a fake email address that is similar to that of the foreign vendor. They then use the fake email address to inform an accounts payable representative that the bank account number has changed and to please send payment to the new account number. Often, the company will only be aware of these fraudulent payments when the real vendor follows up for payment. By then the money is unrecoverable.
Unfortunately, under the CEO Fraud scenario, funds are transferred willingly, with the business’s knowledge; therefore, claims are declined. Similarly, under the Computer Fraud insuring agreement, your insurance company can argue that coverage has not been triggered because the fraudulent payment instructions came into the company via email, and email by its nature is an authorized entry. Another ground used to decline a claim is the Voluntary Parting Exclusion, which excludes coverage when someone at your office willfully parts with title to, or possession of, any property.
How can we address this increasing risk? Good news! The issue is gaining traction, and more insurance companies are beginning to extend coverage by endorsement, albeit under sublimits, in both Crime and Cyber lines. Even these small improvements show signs of progress in the industry. By discussing this issue with your BB Insurance Marketing insurance professional, you can provide added value by educating your employees and setting protocols for verifying large or frequent transfers.
At BB Insurance Marketing, we provide Cyber Liability insurance solutions for any industry with access to insurance providers with specific products to combat data breaches or hacking. Contact us to learn more about our Florida insurance solutions and cyber liability coverage or fill out our quick quote form and get a free quote today!